Fintech companies based in Israel that develop cryptocurrency trading and forex-related products are now the next target of malware.
That is according to a recent blog post by Unit 42, the threat discovery and research division of the cybersecurity firm Palo Alto Networks. As explained in the blog post, the analysts initially discovered an older version of the malware, known as Cardinal RAT, back in April of 2017.
Two years after it was first uncovered, security threats related to Cardinal RAT have been found in software developed by two tech firms in the nation. The malware was apparently detected in proprietary forex and cryptocurrency trading programs. The malware is a Remote Access Trojan (RAT), which allows attackers to remotely access and take control of software programs.
In an attempt to avoid detection, the creators of the latest version of Cardinal RAT have used sophisticated code obfuscation techniques. Nevertheless, the Unit 42 research team was still reportedly able to discover the malicious scripts.
The malware was used to gain access to the victim’s private data, modify their system settings, and function as a “reverse proxy that can execute commands (remotely) - while also being able to uninstall itself.” These malware scripts can also be used to obtain users’ passwords, and the malware is able to download and execute files on the victim’s operating system.
On top of this, the malware can function as a keylogger and capture screenshots on the victim’s computer. Unit 42 explains that the malware has been used to target forex and crypto-related software created by fintech companies.
As reported by CryptoGlobe, “according to the research team’s analysis, both Cardinal RAT and EVILNUM have been used previously to launch attacks against software designed by fintech firms.”
As described by the researchers, EVILNUM malware is able to execute commands on users’ operating systems without the users noticing and without requiring their permission.
“EVILNUM is also similar to Cardinal RAT as both are able to download files and take screenshots on the victim’s computers without their consent.”