Malware is putting financial institutions in jeopardy - Velox Systems

[Figure: Diagram of a malware chain in Brazilian bank hack]
Malware is putting financial institutions in jeopardy. Brazilian banking institutions are under attack from a custom variant of the AllaKore remote access trojan (RAT), dubbed AllaSenha, according to French cybersecurity firm HarfangLab. The malware, designed to steal banking credentials, uses Azure cloud infrastructure for its command-and-control (C2) operations.

Targeted banks include Banco do Brasil, Bradesco, Itaú Unibanco, and others. The attack begins with phishing messages containing malicious Windows shortcut files disguised as PDFs. Once opened, these files execute commands to download and activate the malware, leveraging a complex chain of PowerShell scripts, Python binaries, and DLL injections. AllaSenha is capable of stealing credentials, intercepting two-factor authentication (2FA) codes, and tricking victims into approving fraudulent transactions.
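The lure in the chain above is a Windows shortcut (.lnk) file passed off as a PDF. A simple defensive control is to classify attachments by content rather than by the name the sender chose, since Explorer hides the .lnk extension and a file named "fatura.pdf.lnk" displays as "fatura.pdf". The following Python is an added example written for this article; it is not code from the original post, from HarfangLab or from Velox Systems. It assumes attachments are available as raw bytes (for instance from a mail gateway hook), uses the fixed Shell Link header defined in the MS-SHLLINK specification and the standard PDF signature, and the attachment names and contents are constructed samples, not real malware.

```python
"""
Flag attachments that present themselves as PDFs but are really Windows
shortcut (.lnk) files. Classification is by magic bytes, not file name.
Added example; assumes attachments arrive as (name, bytes) pairs.
"""
from dataclasses import dataclass

# Fixed start of every Windows Shell Link file (MS-SHLLINK section 2.1):
# HeaderSize = 0x0000004C, then LinkCLSID 00021401-0000-0000-C000-000000000046
LNK_MAGIC = (b"\x4c\x00\x00\x00"
             b"\x01\x14\x02\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46")
# PDF files begin with a version comment such as "%PDF-1.7"
PDF_MAGIC = b"%PDF-"


@dataclass
class Finding:
    name: str
    detected_type: str
    suspicious: bool
    reason: str


def sniff_type(data: bytes) -> str:
    """Return 'lnk', 'pdf' or 'unknown' based solely on leading bytes."""
    if data.startswith(LNK_MAGIC):
        return "lnk"
    if data.startswith(PDF_MAGIC):
        return "pdf"
    return "unknown"


def inspect_attachment(name: str, data: bytes) -> Finding:
    """Compare what the name claims with what the content actually is."""
    actual = sniff_type(data)
    claims_pdf = ".pdf" in name.lower()  # catches "x.pdf" and "x.pdf.lnk"
    if actual == "lnk":
        return Finding(name, actual, True,
                       "Windows shortcut file; shortcuts are not legitimate mail attachments")
    if claims_pdf and actual != "pdf":
        return Finding(name, actual, True,
                       "name claims PDF but content is not a PDF")
    return Finding(name, actual, False, "content consistent with declared type")


# Constructed sample attachments (labels and bytes invented for this example):
# a benign PDF, a shortcut hiding behind a double extension, and a shortcut
# renamed outright to .pdf. The LNK bodies are zero padding after the header.
SAMPLE_ATTACHMENTS = {
    "boleto_2024.pdf": PDF_MAGIC + b"1.7\n% constructed benign document\n",
    "fatura.pdf.lnk": LNK_MAGIC + b"\x00" * 56,
    "comprovante.pdf": LNK_MAGIC + b"\x00" * 56,
}


def scan(attachments: dict) -> list:
    """Inspect every attachment and return one Finding per file."""
    return [inspect_attachment(n, d) for n, d in attachments.items()]


def suspicious_names(attachments: dict) -> list:
    """Sorted names of attachments that should be quarantined or alerted on."""
    return sorted(f.name for f in scan(attachments) if f.suspicious)


if __name__ == "__main__":
    for f in scan(SAMPLE_ATTACHMENTS):
        flag = "ALERT" if f.suspicious else "ok"
        print(f"{f.name:18} {f.detected_type:8} {flag:6} {f.reason}")
```

Run against the constructed samples, the benign PDF passes and both shortcut files are flagged regardless of how they were named. The same name-versus-content check extends to other executable formats a gateway already recognises; the point is that the declared extension is attacker-controlled and the leading bytes are not.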

Attribution and Impact

Cisco Talos traced the malware to two Brazilian threat actors, identifying them through operational errors during domain registrations. Active since 2023, the campaigns saw a surge in infections from February to April 2024, as attackers aggressively targeted financial institutions to extract sensitive data.

Android Banking Trojan “Anatsa” Hits Google Play

Windows isn’t the only platform in jeopardy. Anatsa, an Android banking trojan, recently infiltrated the Google Play Store through legitimate-looking apps like PDF readers and QR code scanners. These apps, acting as clean droppers, downloaded malware disguised as app updates. Once installed, Anatsa exfiltrated sensitive financial data using overlay and accessibility techniques. Google has since removed these malicious apps.

Both cases highlight the growing sophistication of banking malware across platforms, underscoring the need for robust security measures to protect financial information.

How to strike back

Malware is putting financial institutions in jeopardy. A crucial way to stay protected against such attacks is by maintaining a knowledgeable and continuously educated cybersecurity team. At Velox Systems, we stay ahead of threats through ongoing education, advanced skills, and robust action plans to respond effectively if an attack occurs. The new year is just beginning—is your financial enterprise secure? Let’s connect and ensure your organization is protected.