Fin7 Cybergang Retools With New Malicious Code

silversurfer

The Fin7 cybercrime group has ramped up its offensive capabilities by adding new malicious code to its malware arsenal. Researchers said that this is evidence that Fin7 is still a growing threat despite the arrest of several Fin7 members in 2018.

The notorious group has adopted a new dropper sample called Boostwrite, which uses new detection evasion tactics, such as the adoption of valid certificates, to distribute malware onto victims’ systems. Researchers have also discovered the group using a new payload, Rdfsniffer. The payload has been developed to tamper with a remote IT administration tool used in tech support for payment processing applications. This, researchers said, suggests a continued targeting of point-of-sale systems at restaurants, casinos and hotels.

“While these incidents have also included FIN7’s typical and long-used toolsets, such as Carbanak and Babymetal, the introduction of new tools and techniques provides further evidence FIN7 is continuing to evolve in response to security enhancements,” researchers with FireEye said in a Thursday analysis.
 
