In September 2017, a team of malware researchers discovered a new Trojan attack on financial institutions. The victims are mostly Russian banks, but organizations in Armenia and Malaysia were also infected. The creators of the Silence Trojan use very deceptive techniques to make money from innocent users: they gain persistent access to the internal banking network for a long time, make video recordings of bank employees' activity, find out what software the financial organization uses, and learn how things actually work in the targeted banks, all in order to steal crucial data and money. This deceptive technique has been seen before in Carbanak and similar cases. The attack could be a new Carbanak operation or the work of copycats who modeled their modus operandi on the reports about Carbanak.
Technical Details of Silence Trojan
The initial infection vector is spear-phishing or spam email, often sent from the addresses of employees of an already infected institution, with a request to open them. The spam messages look like routine requests, and this social engineering makes them appear unsuspicious to the recipient. The attack is built around the exploitation of a legitimate Windows administration tool, which makes it easy to masquerade the Trojan. Like other Trojan variants, it is also capable of badly damaging the affected PC.
How Silence Trojan Attacks Happen
How Does the Silence Trojan Operate?
The Silence Trojan works mainly by recording a pseudo-video stream. Once the Silence Trojan is on the PC as a dropper, its Win32 executable collects all crucial data on the infected host and then sends the information to the attackers' C&C servers. If the C&C server deems the system valuable, it sends over the second-stage payload. The main feature of this Trojan is its ability to take repeated screenshots of the user's desktop. The images are taken at quick intervals and then uploaded to the C&C server, creating a real-time pseudo-video stream of the bank employee's actions. The group behind the Trojan can review the screenshots later to plan further attacks.
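A defender-side sketch of how the upload pattern described above can be spotted in web-proxy logs. This is an added example, not code from the original article; the log format, host names, addresses and thresholds are constructed assumptions.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample: timestamp, client host, method, destination, bytes sent.
# Host names and addresses (documentation ranges) are made up for illustration.
SAMPLE_LOG = """\
2017-09-20T10:00:00 ws-teller-07 POST 192.0.2.10 48211
2017-09-20T10:00:01 ws-teller-07 GET 203.0.113.8 512
2017-09-20T10:00:02 ws-teller-07 POST 192.0.2.10 47980
2017-09-20T10:00:03 ws-hr-02 POST 198.51.100.5 1200
2017-09-20T10:00:04 ws-teller-07 POST 192.0.2.10 48102
2017-09-20T10:00:05 ws-hr-02 POST 198.51.100.5 900
2017-09-20T10:00:06 ws-teller-07 POST 192.0.2.10 48350
2017-09-20T10:00:08 ws-teller-07 POST 192.0.2.10 47877
2017-09-20T10:00:10 ws-teller-07 POST 192.0.2.10 48020
2017-09-20T10:04:40 ws-hr-02 POST 198.51.100.5 3100
2017-09-20T10:19:12 ws-hr-02 POST 198.51.100.5 750
2017-09-20T10:19:13 ws-hr-02 POST 198.51.100.5 820
"""

def find_periodic_uploads(log, min_events=5, max_gap_s=5.0, max_jitter_s=0.5):
    """Flag (client, destination) pairs with many short, evenly spaced POSTs.

    Thresholds are assumed starting points and need tuning per network.
    """
    groups = defaultdict(list)
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, method, dst, size = line.split()
        if method == "POST":  # only uploads are of interest here
            groups[(src, dst)].append((datetime.fromisoformat(ts), int(size)))

    findings = []
    for (src, dst), events in sorted(groups.items()):
        if len(events) < min_events:
            continue
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        mean_gap, jitter = statistics.mean(gaps), statistics.pstdev(gaps)
        # Screenshot streaming shows up as frequent uploads at a steady cadence.
        if mean_gap <= max_gap_s and jitter <= max_jitter_s:
            findings.append({"src": src, "dst": dst, "uploads": len(events),
                             "mean_gap_s": mean_gap,
                             "bytes": sum(s for _, s in events)})
    return findings

if __name__ == "__main__":
    for hit in find_periodic_uploads(SAMPLE_LOG):
        print(hit)
```

The second workstation in the sample also sends five POSTs, but its irregular gaps keep it below the threshold, which is the false-positive case the jitter check exists for.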