Malware Source Code Found in Plain Sight – after 2 Years

Tuesday, April 23, 2019 @ 05:04 PM gHale

Source code of the very successful Carbanak malware has been on VirusTotal for the past two years.

Security provider FireEye found it, analyzed it, and decided to go public with the discovery.


The backdoor Trojan was created by the highly successful hacking group called FIN7, also known as Carbanak, Anunak, or the Cobalt Group. This group has been responsible for over $1.12 billion in thefts from financial entities.

An attack usually starts when bank employees download the Carbanak malware, which the attackers then use to pivot inside the compromised network.

The attackers then gain access to the systems they need and transfer money out of the bank’s accounts or orchestrate coordinated ATM cash-outs.

This month FireEye security researcher Nick Carr found two archives uploaded on the VirusTotal malware scanning portal that contained Carbanak’s source code.

The two files, uploaded from a Russian IP address, turned out to be the real deal, and have helped FireEye better understand FIN7’s malware, even if by that time, the group had switched to using different tools.

The company has published the first two blog posts (Part one and Part two) of a four-part series that analyzes the Carbanak source code in greater detail.
