
Invisible Malware Infects 140 Banks Across 40 Different Countries

Banks around the world have been the target of malware attacks for quite some time now. Criminals continue to step up their game in this department, and fileless malware is becoming a lot more mainstream. This is a very troublesome development, to say the least, as it seems impossible to defend against these types of attacks.

Fileless Malware Becomes The New Trend

When one thinks of malware, one often assumes the payload is distributed through a malicious file. In most cases, criminals spread malware through infected email attachments, which has proven to be quite a successful method of attack so far. Despite these initial successes, it remains important for online criminals to come up with new methods to wreak havoc using malware.

Two years ago, researchers came across a peculiar type of malware infection that raised a lot of questions. Kaspersky Lab had its network infected with an unknown type of malware. It was unclear how this infection was even possible, considering there were no malicious files found anywhere on the system. As it turns out, Kaspersky Lab was hit by fileless malware: all of its components resided in the memory of the compromised computers. This allowed the infection to remain undetected for quite some time.

Fast forward to today, and it appears fileless malware attacks are becoming far more common than anticipated. New research published by Kaspersky Lab shows at least 140 banks and other enterprises across 40 different countries have been affected by fileless malware during recent distribution campaigns. Every single attack against these institutions relies on malware hiding in the physical memory of infected systems, making it nearly impossible to get rid of the infection in the first place. Dealing with invisible malicious software is a very troublesome development for security researchers.

To make matters even worse, this fileless malware is injected into the computer’s memory through widely used administrative tools. PowerShell and Metasploit are the two primary distribution methods for the time being. Unfortunately, banks are not adequately prepared for this method of attack, which is exactly why criminals are going after financial institutions in the first place. The bigger question is what can be done to nip this attack in the bud, and that remains somewhat unclear at this stage.


One silver lining in all of this is that the Kaspersky Lab researchers obtained an intact sample of the fileless malware while it was residing in an infected computer’s physical memory. After analyzing this sample, it became clear this fileless malware was used to harvest the passwords of system administrators and of engineers who have remote administration access to network-connected machines.

For the time being, security researchers remain uncertain as to how the malware takes hold in the first place. Remote injection attacks or exploits targeting popular online content management applications are one potential attack vector. More information regarding fileless malware will be provided in the coming months, as it will take quite some time to analyze this new threat.


JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.
