Content source: https://threatpost.com/fin7-retools/149117/
The Fin7 cybercrime group has ramped up its offensive capabilities by adding new malicious code to its malware arsenal. Researchers said that this is evidence that Fin7 is still a growing threat despite the arrest of several Fin7 members in 2018.
The notorious group has adopted a new dropper sample called Boostwrite, which uses new detection evasion tactics, such as the adoption of valid certificates, to distribute malware onto victims’ systems. Researchers have also discovered the group using a new payload, Rdfsniffer. The payload has been developed to tamper with a remote IT administration tool used in tech support for payment processing applications. This, researchers said, suggests a continued targeting of point-of-sale systems at restaurants, casinos and hotels.
“While these incidents have also included FIN7’s typical and long-used toolsets, such as Carbanak and Babymetal, the introduction of new tools and techniques provides further evidence FIN7 is continuing to evolve in response to security enhancements,” researchers with FireEye said in a Thursday analysis.
Fin7 Cybergang Retools With New Malicious Code
A new dropper and payload show that Fin7 isn't going anywhere despite a crackdown on the infamous group by law enforcement in 2018.