According to ZDNet, an updated version of the Cardinal RAT malware has been discovered by Unit 42. The new Trojan malware campaign is specifically targeting Israeli financial technology firms, including those that develop software for cryptocurrency trading.
Password-stealing malware
Cardinal, which was first discovered in 2017, steals usernames, passwords, and other types of sensitive information. It is also able of taking screenshots, downloading and executing files, and even uninstalling itself once the whole job is done.
Our latest research on #?from=article-linksCardinalRat shows #?from=article-linksanti-analysis techniques, use of #?from=article-linkssteganography pairing with new #?from=article-linksmalware #?from=article-linksEVILNUM; targeting financial technology (#?from=article-linksfintech) firms in #?from=article-linksIsrael https://t.co/zfzjlgTDAN?from=article-links pic.twitter.com/5qG7XY9LMF
— Unit 42 (@Unit42_Intel) March 19, 2019
A lucrative target
The malicious campaign appears to be targeting fintech companies in Israel that are involved in forex and cryptocurrency trading. Unit 42 explains that this a very lucrative target, which justifies the amount of time and money they spent on reviving Cardinal. There could be even two separate groups of hackers that are focusing on the same firms.
No success so far
However, the report also states that none of the attacks have been successful so far. Unit 42 encourages the potential victims to beef up their security in order not to be affected by Cardinal.
