A new wave of fileless malware is going mainstream and targeting banks directly. This malware resides entirely in RAM and is virtually undetectable.
The malware was discovered by researchers at Kaspersky Labs, who had earlier spotted a variant of this malware design infecting the company’s own network. That malware was called Duqu 2.0, reports ArsTechnica.
This kind of fileless malware traces its roots to the infamous Stuxnet worm, which was designed to sabotage Iran’s nuclear program and which also resided solely in memory (RAM).
The Kaspersky Labs blog now reveals that variations of this malware have infected the computer networks of at least 140 banks in 40 countries. Since the malware is so hard to detect, the number of infected networks might be much greater.
According to ArsTechnica’s analysis of the report, the malware is usually injected into networks using professional administrative and security tools such as PowerShell and Metasploit. Because these are legitimate tools, the malicious programs are not detected by security software.
Speaking to Ars, Kaspersky Lab researcher Kurt Baumgartner explains that the money is being pushed out of the banks “from within the banks.” Essentially, the bank’s compromised networks are being used to compromise the bank’s ATM network.
When the malware was first detected in a bank’s network last year, it was determined that the malware was being used to harvest administrator passwords, which could potentially be used to further compromise the bank’s computer network.
These attacks are hard for security researchers to detect. For banks, it’s even harder.