Incidents

The Persistence of Memory – Chapter one: keyloggers

Today’s arrest of Yaron Bolondi set me thinking about cyber crime and keyloggers. It comes as no surprise that keyloggers have become the tool of choice for cyber criminals. Three months ago I wrote about my experience with a public computer that I was using to access the Internet, which was infested with keyloggers and screen capturing tools.

Last week we received a new Trojan, which called back home through a hacked ftp account on a public hosting server. The Trojan was constantly monitoring the screen, starting to capture screenshots whenever the page currently accessed in IE containes keywords such as “bank” or “account”. Additionally, the Trojan included the usual keylogger component and a module which intercepted all emails sent from the system.

We were glad to notice the above technique was almost useless against e-banking systems which rely on one-time-pad authentication or hardware tokens. Of course, everything else it at risk.

If you have to rely on e-banking – and I have to say I’m a great fan of it – choose your bank wisely. One time pad authentication or hardware tokens are a “sine qua non”. Assuming that the bank’s internal bank network isn’t breached, your money should be safe.

The Persistence of Memory – Chapter one: keyloggers

Your email address will not be published.

 

Reports

The SessionManager IIS backdoor

In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East.

APT ToddyCat

ToddyCat is a relatively new APT actor responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’.

WinDealer dealing on the side

We have discovered that malware dubbed WinDealer, spread by Chinese-speaking APT actor LuoYu, has an ability to perform intrusions through a man-on-the-side attack.

APT trends report Q1 2022

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q1 2022.

Subscribe to our weekly e-mails

The hottest research right in your inbox