This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties. Members and Law enforcement use only. Contact us for any permissions. To do otherwise will result in the loss of membership.
Complete Story
07/25/2018
Kronos Malware Returns With New Attack Campaigns, Updates
The State of Security
The Kronos banking trojan has returned with several new attack campaigns as well as a few updates.
In April 2018, researchers at Proofpoint detected a new variant of the malware. It’s the first time Kronos surfaced after largely disappearing from the threat landscape. Given that absence, the trojan’s operators didn’t waste any time in getting up to no good.
Proofpoint observed the first malware campaign at the end of June. As part of that operation, bad actors posed as German financial companies and sent attack emails to German users with subject lines informing them of updates made to their terms and conditions. Other versions of the campaign notified them of a “reminder.” All instances of the campaign contained Word documents that used malicious macros to download Kronos.
The second and third campaigns both occurred in mid-July. For the former, attackers targeted Japan with a malvertising chain that sent users to websites containing malicious JavaScript. Those sites redirected users to the RIG exploit kit that distributed Smoke Loader, just one type of malware served by the compromised website of a Ukraine-based accounting software developer back in August 2017. Smoke Loader then downloaded Kronos.
Alerts
The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.
more information
Resources
Your electronic library to help in fighting financial fraud for all of our partners.
more information