A New Trojan Named Silence, Involved In Attacking The Financial Organizations

Recently, In September 2017, team of malware researchers have discovered a new trojan attack on the financial institutions. The infected users are mostly from the Russian banks but it also infected the organizations in Armenia and Malaysia. The creators of Silence trojan uses very deceptive techniques to make money from innocent users, gain persistent access to internal banking network for long time, make video recording on the bank employee’s activity, know what software is used in financial organization, learn how things actually works in targeted banks etc to steal all crucial data and money. This deceptive technique is already seen before in Carbanak and similar cases. These days, it’s attack could be new Carbanak operation or work of copycats that modeled modus operandi based on the reports of Carbanak

Technical Details of Silence Trojan

Often using addresses of employees of infected institution, it uses spear-phishing or spam email as the initial vector of infection with request to open them. Although, the spam messages looks like as the routine request. By using social engineering tactics, it looks unsuspicious to receiver. It is capable to built around exploitation of the legitimate Windows administration tool to easily masquerade trojan. Like other variant of Trojan infection, it also capable to ruin the affected PC badly.

Know How Silence Trojan Attacks Happened

It’s attacks begins with the hackers gaining control or access to employee’s email account. Hackers gain access to email account by using the reused passwords from the accounts that included in the publicly released datasets. The group of this Trojan uses bank employee’s infected account to send spam or spear phishing emails to another workers of bank. The primary objective of this malware is to identify another employees with access to the crucial bank management systems. Spear-phishing emails usually contain a compiled HTML file attachment. If any user downloads and opens files, this html file executes the JavaScript commands that automatically download & install malware’s payload. The payload of Silence trojan is also known as a dropper.

How Silence Trojan Operates?

The Silence Trojan usually works by recording the stream of pseudo-video. Once Silence trojan successfully lurks inside the PC as a dropper, it’s Win32 executable file collects all crucial data on the infected hosts and later send information to hackers C&C servers. If C&C servers deems System valuable, they send over the second stage payload. The main feature of this Trojan is that it has the ability to take the repeated screenshots of user’s desktop. The images usually taken at the quick intervals and then uploaded to C&C server for creating the real time pseudo-video steam with bank employee’s actions. The group of trojan makers can review the screenshots later for more trojan attack.

[To deal with Trojan infection, you may visit – https://www.stepstoremovevirus.com/effective-way-to-remove-securityrisk-lazagne

Leave a Comment

Your email address will not be published. Required fields are marked *