Security News 'Beeeellion-dollar' mastercrooks in hotel, restaurant blitzkrieg

Solarquest

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
Carbanak: It's not just a caramel-flavoured choc-trocity. It's also malware

The Carbanak cyber criminal gang is abusing Google’s infrastructure as a conduit for botnet control.


The gang became
notorious when it was blamed for the theft of one billion dollars from more than 100 banks across 30 countries back in 2015. Fast-forward two years and Carbanak is now infecting users via a script that will send and receive commands to and from Google Apps and Google Forms services.


Hackers behind the campaign are procuring legitimate digital certificates via Russian shell corporations in order to mount the ongoing assault, the sophistication of which is above and beyond this commonly encountered in cybercrime campaigns and up closer to the tradecraft employed of nation-state spies.



Forcepoint Security Labs reckons it is likely that it is using Google services because they are allowed by default at many organisations, making it easier for hackers to exfiltrate data and send instructions.



The latest run of attacks features booby-trapped RTF documents containing an encoded Visual Basic Script (VBScript) typical of previous Carbanak malware, as explained in greater depth in a blog post by Forcepoint
here.


Trustwave adds that Carbanak’s latest campaign is aimed at the hospitality industry. One (unnamed) restaurant chain with over 1,500 locations, as well as an (also unnamed) luxury hotel chain have already been affected.



Firms in e-commerce and retail are also potentially at risk from the latest attacks, it adds. Trustwave published a 45-page report on he group’s latest antics and summary
blog post on Wednesday.

The latest run of attacks follow reports back in August that the Carbanak gang was targeting payment terminal makers, assaults that are increasingly starting to look like phase one of an ambitious series of cyber-heists.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top