Hackers are baiting their victims with stolen financial data in a clever phishing scheme. Over 400,000 data points, including identity numbers, names, phone numbers, and payment records, are used to persuade consumers to click on a malicious link. This link downloads a potent virus called BitRAT that can steal passwords, spy on users, and install cryptomining software.
In order to spread the remote access trojan known as BitRAT, the new campaign utilized confidential data taken from a bank as bait in phishing emails convincing victims to download a suspicious Excel file.
BitRAT is a well-known remote access trojan (RAT) that is sold on dark web markets and forums used by cybercriminals. Because it costs $20 for a lifetime membership, it attracts all sorts of hackers and promotes the propagation of harmful payloads. In addition, the fact that BitRAT can be utilized in a range of activities, including phishing attacks, trojanized software, and watering hole attacks, makes it much more difficult to block.
Although the hacker group responsible for the campaign is currently unknown, it is believed that they used SQL injection flaws to compromise the IT network of a Colombian cooperative bank. This is a typical method used by hackers to trick a database into producing an error message so they may discover the layout of the database.
The exposed information includes, among other things, ID numbers (national resident identity), phone numbers, email addresses, customer names, income information, payment history, and residences.
There are no indications that the information has been posted on any forums. However, this does not mean that consumers should not worry. The threat actors could use the obtained data to carry out phishing attacks themselves.
The exfiltrated bank data file also has a macro embedded that downloads a second-stage DLL payload programmed to fetch and run BitRAT on the infected host. According to Qualys researcher Akshat Pradhan, the infected file downloads BitRAT embedded payloads from GitHub to the %temp% directory via the WinHTTP library.
The GitHub repository, established in the middle of November 2022, stores encoded BitRAT loader samples, which are later decoded and launched to finish the infection chains.
It's crucial for business owners to be aware of these types of threats. Businesses can take proactive measures to protect their systems and sensitive data. Training employees to recognize and avoid suspicious emails and links and ensuring all systems are kept up-to-date with the latest security patches are just a couple of ways business owners can reduce the risk of falling victim to cyber-attacks.
If this tip helps and you would like to donate click on the button. Thanks In Advance
________________________________________________________________________________________________________
"Fortune Favors, Who Value Time over Money!"
"TeQ I.Q. was the 1st IT Company to Deliver Cloud Solutions since 2003"
Tech issues taking up your Time?
"TeQ I.Q. Makes Your Technology Simple and Easy"
Do you have Tech Frustrations like your Computer, Internet, Phone, Cellphone, Camera, TV, Car?
"Buy a TV from TeQ I.Q. with Ease and We Install it for Free!"
"We Take Away Your Tech Frustrations and Give You the Free Time You Deserve!"
Call Robert to ask all your Technology questions.
Check out our Smart Home 10% off Daily Deal at the TeQ I.Q. Daily Deal webpage https://www.teqiq.com/daily-deal/
We now Sell, Install, Setup and Train for Smart Homes visit our webpage https://www.teqiq.com/smarthome/
For Free Consultation Call Now Robert Black at (619) 255-4180 or visit our website https://www.teqiq.com/
Chase Bank and Others Trust TeQ I.Q. with their IT and TeQnology so can you!
