23 June 2017

Polish bank malware targets IP addresses in 31 countries - Symantec

13 February 2017

Hackers who succeeded in penetrating the websites of several Polish banks last week appear to be behind a wave of malware attacks that have targeted banks in 31 countries since the end of last year.

The attackers used compromised websites or “watering holes” to infect pre-selected targets with previously unknown malware, say security researchers at Symantec.

The attacks came to light when a bank in Poland discovered previously unknown malware running on a number of its computers. The bank then shared indicators of compromise (IOCs) with other institutions, which subsequently confirmed that they too had been compromised.

The source of the attack appears to have been the website of the Polish financial regulator, which was compromised to redirect visitors to an exploit kit which attempted to install malware on selected targets.

Symantec says that since October last year it has blocked attempts to infect customers in Poland, Mexico and Uruguay by the same exploit kit that infected the Polish banks.

The attackers appear to be using compromised websites to redirect visitors to a customised exploit kit, which is preconfigured to only infect visitors from approximately 150 different IP addresses, says the security group. These IP addresses belong to 104 different organisations, mostly banks, located in 31 different countries.

Analysis of the malware is still underway, but some code strings bear similarities to those used by the threat group known as Lazarus, which has been linked to a string of aggressive attacks since 2009, including the infamous take-down of Sony Pictures.

Symantec says some of the tools used in the Bangladesh bank heist shared commonalities with malware used in historic attacks linked to the group.

Says Symantec: "After a series of high profile attacks on banks during 2016, this latest incident provides a timely reminder of the growing range of threats facing financial institutions."
