The TorRAT malware
was first appeared in 2012 as spying tool only. But from August 2012,
Bitcoin Mining feature was added and it became a powerful hacking tool
that was commonly associated with attacks on Financial institutions.
This year TorRat Malware targeted two out of three major Banks in the Netherlands and the criminals stole over Million Dollars from user' Banking Accounts.
The Dutch police has arrested
four men from Alkmaar, Haarlem, Woubrugge and Roden on last Monday, who
are suspected of involvement in the large scale digital fraud and money laundering case using TorRat Malware.
Using Spear Phishing
techniques, gang targeted the victims to access their computers and
the Financial accounts. The gang used anonymous VPN services, Bitcoins,
TorMail and the Tor network itself to remain anonymous.
Malware is also capable of manipulating the information during online banking, can secretly add new payment orders and also able to modify existing orders.
To defend the detection from Antivirus softwares, TorRat uses the ZeuS malware
in its attack. The technique was used to divert the focus of
researchers to remove ZeuS infection, rather than the unknown malware on
the system.
Some of the stolen money was converted by criminals to (56 BTC worth around 7700 Euros) Bitcoin virtual currency, which are now seized by Dutch police. Police also mentioned that, one of arrested criminal having his own Bitcoin exchange service.
The TorRAT malware has been known to be distributed in multiple ways. In April, TorRat was in news for hijacking twitter accounts.
After infecting a vulnerable computers, the TorRAT malware hijacks the
Twitter user’s account and share links that lead to attack websites that
attempt to inject TorRAT malware into the victim’s computer.
The main reason why this particular attack is so effective is because
victims are essentially receiving links to the TorRAT malware from
sources they trust; accounts that they follow on Twitter. TorRAT malware
involves using Man-in-the-Browser
(MitB) tactics to infect computers through vulnerabilities in their Web
browser. These kinds of attacks were used to take over a victim’s
online banking account.
They made more than 150 fraudulent transactions for victim's accounts and Police said that, because Gang was operating from the Netherlands, so tracking them become possible.
They made more than 150 fraudulent transactions for victim's accounts and Police said that, because Gang was operating from the Netherlands, so tracking them become possible.
No comments:
Post a Comment