Several banks have been attacked by a group using a new Trojan and tools that can manipulate Swift customers' transfer logs, warns security outfit Symantec.
The Odinaff Trojan has been used against firms around the world in the banking, securities and trading sectors since January, says Symantec.
The malware is typically deployed in the first stage of an attack to gain a foothold on a network, providing a persistent presence and the ability to install additional tools.
These additional tools, says Symantec, bear the hallmarks of a sophisticated attacker which has plagued the financial industry since at least 2013 - the Carbanak group, which has been implicated in a string of attacks against banks and POS networks.
Among the tactics used by the Odinaff group is the use of malware to hide customers’ own records of Swift messages relating to fraudulent transactions. The tools used are designed to monitor customers’ local message logs for keywords relating to certain transactions. They will then move these logs out of customers’ local Swift software environment.
Symantec says that there is no evidence that the Swift network itself has been compromised. The firm also says that Odinaff does not appear to be related to the recent Lazarus attacks - including the $81 million Bangladesh Bank hack - on banks' Swift environments.