Threats to financial institutions have surpassed all prior records in the last year. This has impacted not only businesses but also their customers as sensitive data is at risk.
Customers of European and South American banks are apparently the target of a new banking trojan in a new phishing campaign.
Maxtrilha, a malware created by Brazilian hackers that uses customised phishing templates is used to target financial systems all around the world.
Its occurrences have so far been discovered in Latin America, extended Europe, and Portugal.
The data of the victims is encrypted and transmitted to the C2 server in Russia.
Maxtrilha Trojan
Due to the usage of the maxtrilha123 encryption key in a binary operation, the trojan is known as maxtrilha.
Maxtrilha is a Delphi-based x64 binary that can bypass antivirus and EDR systems.
It first builds persistence on the affected system by opening a legitimate web page presented on the phishing template.
It also disables Internet Explorer security settings and accepted extensions to make way for the 2nd stage payload, which also checks for persistence on the system.
In the second stage, maxtrilha installs or modifies Windows trusted certificates and performs a banking windows overlay to steal credentials, all while dropping additional payloads executed through DLL injection technique.
Latest Attacks
The S.O.V.A. Android trojan recently targeted banking and shopping apps as well as cryptocurrency wallets of users in the United States and Spain. The trojan, which is still in development and testing phase, attempts to incorporate overlay techniques and keylogging mechanisms.
Due to a problem with one of its third-party providers, Australia and New Zealand Banking Group’s New Zealand site, Kiwibank, MetService, and NZ Post were all targeted by a major DDoS attack last week.
Meanwhile, McAfee discovered the Android/Banker.BT malware threat, which poses as a security banking tool or a bank application for reporting an out-of-service ATM.
A Brief Conclusion
By fixing flaws in the system, financial industry leaders and their security teams should find a way to mitigate threats and reduce attack surfaces. Apart from adopting latest technologies to provide a seamless banking service, firms must allocate funds to upgrade and strengthen their security posture, as these threats will only rise in the future.