A cyber-attack that took place in Singapore was investigated by Kaspersky at the time when a Malaysian bank was targeted. The target is known to have received a RAT through a phishing email, which was later traced to a suspected Nigerian origin (Constantin, L., 2016).
We are not familiar with this specific Singapore incident, but in recent days there have been many data breaches in which cyber criminals steal sensitive user data from average consumers, government sectors, financial institutions and enterprise-level organizations.
A Trojan is a piece of software that disguises itself as, or mimics, software the user wants, and that is installed on a target by a hacker without the knowledge of the user of the target machine. There are different kinds of Trojans, such as Backdoors/RATs, Ransomware, DDoS and DoS, GameThief and many more. The attacker may mislead intended targets into installing such programs through social engineering, or even through temporary physical access to the PC, and the intent is to gain access to the machine. Such unauthorized access is also gained remotely. A RAT is a Trojan that gives the hacker administrative privileges over the infected target remotely, so that the target can be exploited whenever the attacker wants, hence the name Remote Access Trojan.
Remote administration tools are used to control one machine from another. Many IT applications are built on this principle, and we use them in everyday life: for example, office conferencing tools like Webex and Zoom during meetings, after the other user grants permission, and regular customer-care support applications, where the support agent gains access to a machine over the internet to troubleshoot an issue with the customer's permission. One big application is cloud computing, which provides enterprise-level cloud-based services like platform as a service, software as a service and infrastructure as a service, where an IT company uses these services to develop its own applications without the need to maintain various software licenses, platform licenses, systems infrastructure and data servers, thus helping reduce project cost.
These technologies are beneficial to both individuals and organizations, but one organization, building on remote access, user permissions and cloud-based services, started providing Trojans and malware as a service. An unknown cyber-criminal group created the Alien Spy malware, which is a cloud-based, cross-platform malware. Online hackers can subscribe to this service to distribute the Alien Spy client to target systems via the traditional ways of delivering malware, like email attachments, gaming software and social phishing, which are nothing but payloads of JAR files. If a person opens a Gmail or any other email attachment that is loaded with a malicious Alien Spy JAR file, the malware installs itself on the PC and attempts to communicate with the operator's command and control (C&C) server for further instructions. When the alien spy JAR is downloaded on to target as obfuscated jar.
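Because the delivery described above relies on JAR files arriving as email attachments, a mail gateway can screen attachments by content rather than by file name. The following is an added example, not code from the original article or from Kaspersky; the function names, addresses and the sample message are constructed for illustration.

```python
# Added example: flag email attachments that are Java archives, even if renamed.
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

JAVA_EXTS = (".jar", ".class", ".jnlp")

def is_java_archive(payload: bytes) -> bool:
    """True if the bytes are a ZIP whose entries look like a JAR."""
    if not payload.startswith(b"PK"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return False
    return any(n.upper() == "META-INF/MANIFEST.MF" or n.endswith(".class")
               for n in names)

def screen_message(raw: bytes) -> list:
    """Return (filename, reason) for each attachment that should be quarantined."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if is_java_archive(data):
            findings.append((name, "content is a Java archive"))
        elif name.lower().endswith(JAVA_EXTS):
            findings.append((name, "Java file extension"))
    return findings

def build_sample() -> bytes:
    """Constructed test mail: a harmless JAR-shaped ZIP named like a PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("a/b.class", b"\xca\xfe\xba\xbe")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Payment advice"
    msg.set_content("Please see the attached document.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application", subtype="pdf", filename="terms.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in screen_message(build_sample()):
        print(f"QUARANTINE {name}: {reason}")
```

The content check catches the renamed archive while leaving the genuine PDF alone; the extension check is only a fallback for attachments whose bytes cannot be parsed as a ZIP.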
Alien Spy is a well-known Trojan that is mainly used in financial fraud, where it targets consumers and steals bank account details/credentials and personal information. These Trojans have also been used in Advanced Persistent Threat (APT) style attacks, in which they target employees to grab corporate login details as well as business and operational data. Typically these Trojans can read the user's keystrokes and send the data to the attacker, and record the browser session, including the screen that is displayed to the user. Attackers can record video of the screen or browsing session. There is also a technique called HTML injection, which is used to inject HTML content into legitimate web pages and make changes to them. If the machine is infected, the attacker has complete access to the personal computer and the business network, just like remote-control access. The malware is designed to evade anti-virus and other security controls.
In November 2014, the cyberattack on Sony Pictures Entertainment exposed a new reality about the damage that can be inflicted on U.S. corporations, a fact that has been duly noted in company boardrooms and the national security apparatus. The attackers took terabytes of personal information, deleted the original copies from Sony computers, and left messages threatening to release the information if Sony did not meet the attackers' demands.
AlienSpy RAT has been used in attacks against no less than 400,000 corporate and private targets in the government, financial, training and design sectors around the world, analysts have cautioned. Kaspersky experts Kamluk and Alekz, from the company's international research group, told attendees at the Kaspersky Security in Tenerife that Adwind is currently pursuing targets internationally in the quest for information and surveillance data. According to Kaspersky, the Trojan was used in attacks against no less than 443,000 users and organizations worldwide between 2013 and 2016, and remains active today. As it is a cross-platform threat, the pool of potential victims is endless. The malware is mainly observed in spam campaigns sent to the general public, but there are cases in which Adwind was used in attacks on specific victims. In recent years, the Trojan was linked to the suspicious death of Argentinian prosecutor Alberto Nisman.
“What we can mention in our examination of the attack against the Singaporean bank is that the criminal behind it was a long way from being an expert programmer, and we surmise that the vast majority of the Adwind stage’s “customers” have that level of PC training. That is a troubling pattern.”
The malware was found on the prosecutor's cell phone at the time of his death, just before Nisman was due to release a report accusing the Argentine government of allegedly covering up a terrorist attack against a Jewish community center. In addition, a Singaporean bank was specifically targeted through a spear-phishing campaign using the malware.
Kaspersky says the RAT's victims are widespread and include players in the manufacturing, finance, engineering, design, retail, government, transportation and telecom sectors. What is more, AlienSpy has been seen in campaigns against organizations in all of the above-mentioned fields.
Half of the RAT's victims are located in the United Arab Emirates, Germany, India, US, Italy, Russia, Vietnam, Hong Kong, Turkey and Taiwan.
As the Trojan is software that users must pay for, Kaspersky believes that most of the malware's customers, of which there are no less than 1,800, are hackers looking to upscale their campaigns with advanced tools, competitors looking for other organizations, and private individuals who want to use the RAT to spy on other people.
It is believed that subscriptions to the software generate a yearly income of roughly $200,000.
Unfortunately, Kaspersky does not believe the platform will go away at any point in the near future, because of its customer base, subscription model and profit.
“It’s universally recognized and we ought to expect that in the event that it ought to go down, it will be rebranded as something different. We should expect that cross platform RATs will end up standard.”