silversurfer

Level 52
Verified
Trusted
Content Creator
Malware Hunter
The Redaman banking trojan ramped up its activity in the last part of 2018, employing ongoing back-end changes in order to evade detection, according to a new Wednesday report.

Redaman as a malware first came on the scene in 2015, and since then has consistently targeted victims that use Russian financial institutions. But from September through December 2018, researchers at Palo Alto Networks’ Unit 42 division saw increasing numbers of mass spam messages delivering the trojan.

The emails targeted Russian email recipients, often with email addresses ending in .ru, and delivered their payloads via a rotating assortment of archived Windows executable files disguised as PDF documents, according to the firm’s analysis.

1548316267206.png