Security News African and Asian Banks Hit by Targeted Zero Day

frogboy

Security researchers have discovered a new series of attacks against banks in Africa and Asia utilizing a zero day exploit in a local word processing app.

The exploit in question is aimed at the InPage software package typically used by Urdu and Arabic-speaking people – with a claimed two million users worldwide, according to Russian AV firm Kaspersky Lab.

The zero day is delivered to individuals in targeted banks via a classic spear phishing email, which aims to use social engineering tactics to trick the recipient into opening a malicious attachment disguised as a legitimate document.

After successfully exploiting the vulnerability in question, the malware will phone home to a C&C server and download legitimate remote access tools, Kaspersky Lab claimed.

In some cases, Zeus-type malware is downloaded, the firm added.

Kaspersky Lab security expert, Denis Legezo, said it’s easy to understand why attackers are using bugs in localized software like InPage.

“The attackers adjust their tactics to their target’s behavior by developing exploits for custom software which doesn’t always receive the kind of scrutiny that big software companies apply to their products,” he explained.

“Since local software is not a common target of exploit writers, vendors are not very responsive to vulnerability reports and existing exploits remain workable for a long time.”

A similar tactic was used back in 2013 against the Hangul Word Processor (HWP) software popular in South Korea, the firm added.

Full Article. African and Asian Banks Hit by Targeted Zero Day
 
