Trojan Malware Campaign Attempting to Compromise Cryptocurrency Trading Firms
According to ZDNet, an updated version of the Cardinal RAT malware has been discovered by Unit 42. The new Trojan malware campaign is specifically targeting Israeli financial technology firms, including those that develop software for cryptocurrency trading.
Password-stealing malware
Cardinal, which was first discovered in 2017, steals usernames, passwords, and other types of sensitive information. It is also capable of taking screenshots, downloading and executing files, and even uninstalling itself once the whole job is done.
Our latest research on #CardinalRat shows #anti-analysis techniques, use of #steganography pairing with new #malware #EVILNUM; targeting financial technology (#fintech) firms in #Israel https://t.co/zfzjlgTDAN pic.twitter.com/5qG7XY9LMF
— Unit 42 (@Unit42_Intel) March 19, 2019
A lucrative target
The malicious campaign appears to be targeting fintech companies in Israel that are involved in forex and cryptocurrency trading. Unit 42 explains that this is a very lucrative target, which justifies the amount of time and money the attackers spent on reviving Cardinal. There could even be two separate groups of hackers focusing on the same firms.
No success so far
However, the report also states that none of the attacks have been successful so far. Unit 42 encourages the potential victims to beef up their security in order not to be affected by Cardinal.