FIN8 hacker group uses new White Rabbit malware

Trend Micro experts studied a sample of the new White Rabbit malware obtained during an investigation of an attack on a US bank in December 2021. Apparently, this malware may be a part of a side operation of the FIN8 hacker group.

FIN8 has been active since at least January 2016 and is known for attacking retail, restaurants, hospitality, and healthcare to steal payment card data from POS systems. Over the years, researchers have observed a variety of tools and tactics in FIN8’s arsenal, ranging from various POS malware, including BadHatch, PoSlurp (PunchTrack), PowerSniff (PunchBuggy, ShellTea), به zero-day vulnerabilities و targeted phishing.

The executable file of the new malware is a small 100 kb payload. It requires a password to be entered to decrypt the malicious payload. It is noteworthy that the same password was previously used in the work of other ransomware, including Egregor, MegaCortex و SamSam.

Once launched with the correct password, the ransomware scans all folders on the device and encrypts the target files, creating a ransom note for each encrypted file. The note informs the victim that their files were stolen and encrypted, and the attackers threaten to publish or sell the stolen data if their demands are not met.

We will also send data [about what happened] to all interested regulatory organizations and the media.the hackers add.

new malware White Rabbit

Evidence of file theft is uploaded to services such as paste[.]com and file[.]io, and victims are encouraged to contact the hackers through a special site on the dark web.

Experts note that evidence of a connection between FIN8 and White Rabbit is discovered even at the stage of ransomware deployment. بنابراین, the malware uses a new and previously unknown version of the Badhatch backdoor (also known as Sardonic) associated with FIN8.

Although the White Rabbit attacks have only recently attracted the attention of experts and have managed to affect only a few organizations, it seems that hacker activity began as early as July 2021.

Given that FIN8 is known primarily for its infiltration and reconnaissance tools, it is likely that the group is expanding its arsenal to include ransomware. White Rabbit has had few casualties so far, but this could mean that the hackers are still testing the waters or preparing for a large-scale attack.Trend Micro said.

You might also be interested to know what بدافزار لینوکس, CronRAT, در یک شغل کرون با تاریخ های نادرست پنهان شده است, and what New MasterFred malware targets Netflix, Instagram و توییتر users.

هلگا اسمیت

من همیشه به علوم کامپیوتر علاقه داشتم, به خصوص امنیت داده ها و موضوع, که امروزه نامیده می شود "علم داده", از اوایل نوجوانی من. قبل از ورود به تیم حذف ویروس به عنوان سردبیر, من به عنوان کارشناس امنیت سایبری در چندین شرکت کار کردم, از جمله یکی از پیمانکاران آمازون. یک تجربه دیگر: من در دانشگاه های آردن و ریدینگ تدریس می کنم.

پاسخ دهید

این سایت از Akismet برای کاهش هرزنامه استفاده می کند. با نحوه پردازش داده های نظر خود آشنا شوید.

دکمه بازگشت به بالا