Italian banking clients are the target of an ongoing financial fraud campaign that has been leveraging a new web-inject toolkit called drIBAN since at least 2019. Over the years, the operators behind drIBAN have gotten more savvy at avoiding detection and developing effective social engineering strategies, in addition to establishing a foothold for long periods in corporate bank networks.
The phishing emails come bearing an executable file that acts as a downloader for a malware called sLoad.
Another characteristic of the malware is its ability to check against a predefined list of corporate banking institutions to determine if the hacked workstation is one among the targets, and if so, proceed with the infection.
All the bots that successfully pass those steps will be selected by botnet operators and considered as ‘new candidates’ for banking fraud operations moving forward to the next stage, where Ramnit, one of the most advanced banking trojans, will be installed, the researchers said.