The infamous Carbanak (Anunak) group is employing a new social engineering trick to fool customer support representatives into installing malware on their systems, and hence, provide the crooks with a backdoor into targeted companies.

Over the past month, security firm Trustwave says that three of its customers were targeted in the same way by the Carbanak gang, which is mostly known for stealing over $1 billion from Russian banks.

This time around, the crooks targeted two companies in the hospitality field and a restaurant chain.

Group targets customer support staff

Trustwave says that the group has devised a clever trick to attack its targets. Crooks call customer support representatives and claim they can't access one of the company's apps, such as the reservations system.

Instead, the crooks, masquerading as a potential customer, offer to send a Word document with the reservation details to the customer support representative.

To make sure their target opens the document, the crooks stay on the phone with the victim until the malware takes root, and they can see it pinging back to their servers.

Carbanak malware infections were undetectable at the time

Trustwave says that the infected Word document contains malicious Visual Basic scripts that download malware on the victim's computer.

This malware was undetectable at the time of Trustwave's analysis, and during their investigation, crooks released new versions in order to stay ahead of security researchers.
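Because the payload itself was changing faster than antivirus signatures, a defender's first line of triage for attachments like the one described above is structural rather than signature-based: a modern Word file is a ZIP container, and any macro code it carries lives in a part named vbaProject.bin (with vbaData.xml beside it), regardless of what the macro later downloads. The following is an added example written for this article, not code from Trustwave or from the Carbanak analysis; the file names, the `assess_attachment` helper and the in-memory sample documents are constructed here for illustration.

```python
"""Flag Office attachments that carry a VBA macro project.

Added example (not from the article). Office Open XML files (.docx, .docm,
.xlsx, .xlsm, ...) are ZIP archives; a macro project is stored as the member
word/vbaProject.bin (Excel: xl/vbaProject.bin), usually with vbaData.xml next
to it. Checking for that part catches a macro-laden document even when the
downloaded second stage is brand new and has no antivirus signature yet.
"""
import io
import zipfile

# ZIP member names that indicate an embedded VBA project (compared lower-case).
VBA_PART_SUFFIXES = ("vbaproject.bin", "vbadata.xml")

# Extensions under which Word/Excel/PowerPoint legitimately save macro code.
MACRO_ENABLED_EXTS = (".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm")


def find_macro_parts(data: bytes) -> list:
    """Return the names of ZIP members that hold VBA code (empty if none)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(VBA_PART_SUFFIXES)]
    except zipfile.BadZipFile:
        # Not an OOXML container (legacy binary .doc, or not an Office file at all).
        # Those need a different parser (e.g. OLE2), so we report "no OOXML macros".
        return []


def assess_attachment(filename: str, data: bytes) -> dict:
    """Triage verdict for one attachment, suitable for a mail gateway or help-desk tool."""
    parts = find_macro_parts(data)
    has_macros = bool(parts)
    ext = ("." + filename.rsplit(".", 1)[-1].lower()) if "." in filename else ""
    # A VBA part inside a file that is *not* macro-enabled by extension (e.g. a
    # .docx) is anomalous on its own: Office would have saved it as .docm.
    ext_mismatch = has_macros and ext not in MACRO_ENABLED_EXTS
    return {
        "filename": filename,
        "has_macros": has_macros,
        "macro_parts": parts,
        "ext_mismatch": ext_mismatch,
        # Unsolicited documents with macros get held for analyst review, never opened.
        "verdict": "quarantine" if has_macros else "allow",
    }


def build_sample(with_macro: bool) -> bytes:
    """Construct a minimal OOXML-shaped ZIP in memory (constructed test data, not a real doc)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # OLE2 magic followed by padding stands in for a real VBA project stream.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24)
            zf.writestr("word/vbaData.xml", "<wne:vbaSuppData/>")
    return buf.getvalue()


if __name__ == "__main__":
    # "reservation.docx" is a constructed file name echoing the pretext in the article.
    for name, blob in (("reservation.docx", build_sample(True)),
                       ("reservation.docx", build_sample(False)),
                       ("reservation.docm", build_sample(True)),
                       ("notes.txt", b"plain text, not a zip")):
        print(assess_attachment(name, blob))
```

The check is deliberately independent of what the macro does: it fires on the presence of macro code, which is exactly the property a help desk should treat as disqualifying for a document sent by an unknown caller, and it keeps working when the attackers ship a fresh payload.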

This is not surprising. The Carbanak gang is known as the most advanced cybercrime syndicate to date. Besides robbing Russian banks en masse in 2014 and 2015, the Carbanak gang is also the main suspect behind the security breach at Oracle MICROS, a point-of-sale (POS) payments processing service.

Carbanak gang possesses a full malware arsenal

Once the Carbanak gang has a foothold inside an enterprise, through the computer of its customer support rep, the group uses the initial malware to download more potent threats.

These second-stage tools are used to take control of the victim's PC, scan the company's network, and spread to new computers, stealing the information they were after.

In these most recent infections, the group was most likely after credit card information, which they could get their hands on by infecting their targets' POS systems.

Trustwave suspects that besides its three clients, many other companies are targeted through the same social engineering tactics.
