According to the latest reports, a large number of banks and financial institutions are being targeted in a new round of watering hole attacks. Although no withdrawal of funds has been noticed, the hidden malware has been active since October 2016. It has affected several predetermined targets. Its creators first infect a website so that visiting users are redirected to an exploit kit, which then initiates the malware installation.
The malware was first identified on a system at a bank in Poland, which shared indicators of compromise with other institutions, and infections were then found at those institutions as well. Further research indicated that the malware had spread from the website of the Polish financial sector regulatory body and Polish supervision authority. Using this website, the attackers planned to target 150 different IP addresses belonging to 104 organizations in around 31 countries. Banks are at the top of the target list, along with a small number of telecoms and internet firms.
The malware is able to introduce troublesome files onto the targeted system, and some of its code resembles malware previously used by the Lazarus group in North Korea. It has been named Downloader.Ratankba. It was later noticed that it can contact eye-watch[.]in for command-and-control communications, after which it installs hacktools. Researchers have also reported that the malware uses Windows functionality for which it must load APIs. It remains an open question whether the present attack is being conducted by the earlier Lazarus group or whether someone else is behind it. The observed difference is that the present attack aims to victimize about 100 banks around the globe using watering hole techniques, which requires infecting the websites those users choose to visit.
Security researchers have concluded that, to achieve a high level of success in cyber crime, criminals will surely seek other ways to infect their victims. Previously they targeted one-off websites to drop malware, but nowadays they use corporate web applications and governmental websites.