Cardinal RAT malware strikes two cryptocurrency firms in Israel


Hacking and malware have always been among the main concerns of the cryptocurrency space. Recently, Unit 42, the threat research division of Palo Alto Networks, detected malware targeting two Israeli fintech and cryptocurrency trading software companies. The malware in question was Cardinal RAT, a Remote Access Trojan that was initially discovered in 2017.

The report by Unit 42 read,

“This malware family had remained undetected for over two years and was delivered via a unique downloader named Carp Downloader.”

The report noted that the research division had continued to track the malware since it was first discovered, which is how it was able to identify "a series of attacks using an updated version of Cardinal RAT." The report further stated that there had been a "series of modifications" to the RAT, which could have been made in order to "evade detection" and to hinder analysis.

The report added,

“We witnessed attacks targeting the financial technology [FinTech] sector, primarily focused on organizations based in Israel. While researching these attacks, we discovered a possible relationship between Cardinal RAT and another malware family named EVILNUM […] a JavaScript-based malware”

With this malware, the attacker can collect the victim's personal information, capture screenshots, clear cookies from browsers, uninstall the RAT from the victim's device, execute commands, recover passwords, download and execute new files, and update the malware's settings.

Even though the identities of the two companies, which build software for Forex and cryptocurrency trading firms, have not been disclosed, the implications of this attack could be serious. How serious depends on the platforms' operations, for example whether customer information was stored on the compromised devices.

In a statement to TheNextWeb, Unit 42 stated that "the malicious files find their way onto machines through lure documents attached to spam messages that were sent to individuals thought to operate as Forex and cryptocurrency traders."


Priya is a full-time member of the reporting team at AMBCrypto. She is a finance major with one year of writing experience. She has not held any value in Bitcoin or other currencies.