September 3, 2015
New variants of the notorious Carbanak Trojan have surfaced in Europe and the United States, and researchers say that the malware now has its own proprietary communications protocol and the samples seen so far have been digitally signed.
Carbanak has been in use for several years, and researchers at Kaspersky Lab earlier this year revealed the details of a major Carbanak campaign that took banks for about $1 billion. That campaign targeted banks directly, rather than going after end users. The attacks begin with spearphishing emails that have rigged attachments containing the Carbanak backdoor. Once on a compromised machine, Carbanak gives attackers remote control of the machine and the criminals used that as a foothold on the bank’s network and then stole money in several different ways.