The Fin7 cybercrime group has ramped up its offensive capabilities by adding new malicious code to its malware arsenal. Researchers said that this is evidence that Fin7 is still a growing threat despite the arrest of several Fin7 members in 2018.
The notorious group has adopted a new dropper sample called Boostwrite, which uses new detection evasion tactics, such as the use of valid certificates, to deliver malware onto victims’ systems. Researchers have also discovered the group using a new payload, Rdfsniffer, built to tamper with a remote IT administration tool used in tech support for payment processing applications. This, researchers said, suggests continued targeting of point-of-sale systems at restaurants, casinos and hotels.