A look at the latest developments in the BRATA malware, which was spotted in EU territory last month: how the malware is changing its attack pattern and how it aims to steal sensitive information from banks.
Research conducted by Proofpoint reveals a sophisticated malware threat that is capable of targeting financial institutions and other organizations in the healthcare, telecommunications and technology sectors. These organizations have been known to be a top priority for attackers. In fact, many of these organizations have been targeted more than once by attackers who are relentlessly attempting to develop new tactics and techniques to gain persistent access, even after detection.
In April, Proofpoint observed a new malware threat that has been dubbed BRATA. The malware uses stealth techniques to remain under the radar of security efforts. The threat was first detected by ESET in Italy and Germany and was found in a number of financial institutions. This is not the first time that the actor behind BRATA has targeted financial institutions. In 2015, the actor was observed actively targeting banks in Germany and France via spear phishing emails. In addition to these attacks, another banking transaction malware that leverages Mimikatz was used during previous incidents against German banks.
BRATA is a modular, multi-stage malware that provides attackers with complete control of an infected system. The malware is capable of operating on multiple platforms, including Microsoft Windows and Linux operating systems. It can also be used to target Android devices.
In the initial stages of infection, the BRATA malware allows attackers to deploy payloads through a variety of methods, including social engineering techniques such as phishing emails, exploit kits and malicious websites. To execute malicious code on systems, BRATA uses plug-ins (DLL files) that exploit different vulnerabilities in applications. The threat also uses spoofed URLs in phishing emails to lure victims into downloading fake Adobe documents or Microsoft Office documents.