December 7, 2015
A group of attackers is behind a strain of payment card malware that has bootkit functionality, something that makes it very difficult to detect, much less remove.
“FIN1,” the group behind the malware, appears to be based in Russia, according to researchers at both FireEye and Mandiant who described the group on Monday. The two firms uncovered the specialized malware this past September while carrying out an investigation at an unnamed financial organization.
FIN1 maintains a fairly comprehensive malware ecosystem – ‘Nemesis’ – a cornucopia of malware, backdoors, files, and utilities it uses to infiltrate systems and extract cardholder data, according to the researchers. Like most types of financial malware, Nemesis is replete with capabilities, including file transfer, a keylogger, screen capture, and process manipulation.