Infection of devices with malware by impersonating the image of Romanian banks

Romanian bank customers are still being targeted by cyber attacks through several methods, one of which is e-mail.

A user receives an e-mail informing them that a payment has been made from their account, or that they have to pay a certain amount for an invoice. A "PDF document" described as a payment order is attached to the e-mail, together with additional information about the transaction: payment approval details containing personal data and the account number into which the payment will be made.

Of course, this message is sent by the attackers and is designed to look as if it came legitimately from the bank: the visual identity (font, logo, address) is copied so as not to raise the recipient's suspicion.

A user confronted with this information may be frightened and act hastily, believing that money has been stolen from their account, and open the malicious attachment, which leads directly to the installation of a malware variant. The attachment named "payment order" or "due invoice" is not a document, as the e-mail claims, but an executable file (.exe) that installs the malware known as 'Agent Tesla' on the device. Windows hides known file extensions by default, so a file named payment_order.pdf.exe is displayed as payment_order.pdf, with only the icon giving it away.

This malware records what the user types on the device (keylogging) and what they copy to the clipboard, and sends the captured data to a command-and-control (C2) server operated by the attackers. In practice, when the user logs in to personal accounts or to the accounts of the company they work for, those credentials end up in the attackers' hands without the user noticing what has happened.

Recommendations

  1. To avoid such situations, stay vigilant when using the online environment. Pay extra attention, because trap messages can arrive through various channels (e-mail, SMS, social networks, phone calls) from people claiming to be employees or intermediaries of the bank, or of other well-known institutions. Analyse incoming messages before clicking on a link or opening an attached document;
  2. If you receive an e-mail or message from the bank, first check the source of the message in the mail headers (as far as possible): banks do not send from e-mail addresses that do not contain the bank's name. Sometimes the real sender is hidden because the address is spoofed, but at other times the attackers use an alias (display name), and the real address is easily visible when viewing the source of the e-mail. Use the "view source" or "show original" option in your e-mail client or webmail to see the sender's real address, and compare it with the official address published on the website of the bank where you are a customer. As can be seen from the attached image, the example e-mail came from an address with no official connection to the bank it impersonates (tapizadosblanco [@] againtrnet [.] com).
  3. If you have any doubts about a received message, verify the information, including confirming with the purported sender that the message was really sent to you, using a contact channel you already know rather than one given in the message, or consult the official website of the bank where you are a customer.
  4. Use a device security solution (antivirus or anti-malware) to scan links and attachments. Alternatively, you can use a free online service such as VirusTotal. Note that uploading a file to VirusTotal shares it with other users, so for a document that may contain personal data, search for its hash first rather than uploading it.
  5. Keep the operating system and software on your devices up to date. Updates close known vulnerabilities and are necessary for the security of the devices you use.
  6. Back up your important files regularly and store the copy on an external medium disconnected from your device (ideally on several external media).
  7. If you have been the victim of such an attack and notice that money has been withdrawn from your account, contact the bank, the Police (petitii @ politiaromana [.] ro) and/or the dedicated 1911 emergency number (for cyber security incidents) as soon as possible.
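The sender and attachment checks from recommendations 2 and 4, and the .pdf-versus-.exe trick described earlier, can be automated on a saved copy of the message. The script below is an added example and is not code from the original advisory: it builds two constructed .eml messages (one modelled on the campaign, using the From address quoted above and an inert byte stub that only carries the "MZ" header of a Windows executable, and one clean control message), then reports every reason to distrust the sender, reads the receiving server's SPF/DKIM/DMARC verdict from the Authentication-Results header (the only way to catch a spoofed From that looks perfect), inspects the real content type of each attachment regardless of its name, and computes the SHA-256 that can be searched on VirusTotal without uploading the file. OFFICIAL_DOMAIN (examplebank.ro), the sample messages and all addresses other than the one quoted in the advisory are assumptions made up for this demonstration.

```python
"""Triage of a suspicious "payment order" e-mail that claims to come from a bank.

Added example; not code from the original advisory. OFFICIAL_DOMAIN and the
sample messages are assumptions constructed for this demonstration.
"""
import email
import hashlib
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

OFFICIAL_DOMAIN = "examplebank.ro"          # assumed: the bank's published sending domain
BANK_NAME = OFFICIAL_DOMAIN.split(".")[0]   # the word an alias would reuse in the display name
PE_MAGIC = b"MZ"                            # every Windows .exe starts with this DOS header
PDF_MAGIC = b"%PDF"                         # every real PDF starts with this
EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jar", ".lnk")


def sender_findings(msg: EmailMessage) -> list[str]:
    """Reasons to distrust the sender, from the address and authentication headers."""
    findings = []
    display_name, from_addr = parseaddr(msg.get("From", ""))
    # Every address header must sit on the bank's own domain.
    for hdr in ("From", "Reply-To", "Return-Path"):
        _, addr = parseaddr(msg.get(hdr, ""))
        if addr and addr.rpartition("@")[2].lower() != OFFICIAL_DOMAIN:
            findings.append(f"{hdr} address {addr} is not on {OFFICIAL_DOMAIN}")
    # An alias: the visible name mentions the bank, the real address does not.
    if BANK_NAME in display_name.lower() and not from_addr.lower().endswith("@" + OFFICIAL_DOMAIN):
        findings.append(f"display name '{display_name}' hides real address {from_addr}")
    # A spoofed From can look perfect; only the receiving server's checks reveal it.
    auth = msg.get("Authentication-Results", "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        if f"{mech}=fail" in auth or f"{mech}=softfail" in auth:
            findings.append(f"{mech} check failed at the receiving server")
    return findings


def attachment_findings(msg: EmailMessage) -> tuple[list[str], dict[str, str]]:
    """Reasons to distrust each attachment, plus its SHA-256 for a VirusTotal hash search."""
    findings, hashes = [], {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        hashes[name] = hashlib.sha256(data).hexdigest()
        lower = name.lower()
        pieces = lower.split(".")
        if lower.endswith(EXEC_EXT):
            findings.append(f"{name}: executable file extension")
            if len(pieces) > 2:   # e.g. payment_order.pdf.exe, shown as .pdf by Windows
                findings.append(f"{name}: double extension disguises .{pieces[-1]} as .{pieces[-2]}")
        if data.startswith(PE_MAGIC):
            findings.append(f"{name}: content is a Windows executable (MZ header)")
        elif lower.endswith(".pdf") and not data.startswith(PDF_MAGIC):
            findings.append(f"{name}: named .pdf but content is not a PDF")
    return findings, hashes


def triage(raw: bytes) -> dict:
    """Parse a raw .eml (bytes) and return findings, per-attachment hashes and a verdict."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    att_findings, hashes = attachment_findings(msg)
    findings = sender_findings(msg) + att_findings
    return {"subject": str(msg.get("Subject", "")), "findings": findings,
            "hashes": hashes, "verdict": "suspicious" if findings else "no indicators found"}


# Constructed, inert stand-in for the attached .exe: only the PE magic bytes matter here.
FAKE_PE = b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"\x00" * 128


def build_phish() -> bytes:
    """Constructed message modelled on the campaign; the From address is the one quoted in the advisory."""
    msg = EmailMessage()
    msg["From"] = "ExampleBank Payments <tapizadosblanco@againtrnet.com>"
    msg["Reply-To"] = "refunds@another-host.example"
    msg["Return-Path"] = "<bounce@againtrnet.com>"
    msg["To"] = "customer@example.com"
    msg["Subject"] = "Payment order - due invoice"
    msg["Authentication-Results"] = "mx.example.com; spf=fail smtp.mailfrom=againtrnet.com; dmarc=fail"
    msg.set_content("A payment of 1.250 RON was approved from your account. Details in the attached payment order.")
    msg.add_attachment(FAKE_PE, maintype="application", subtype="octet-stream",
                       filename="Payment_order.pdf.exe")
    return msg.as_bytes()


def build_legit() -> bytes:
    """Constructed control message: official domain, passing authentication, a real PDF header."""
    msg = EmailMessage()
    msg["From"] = "ExampleBank <notificari@examplebank.ro>"
    msg["To"] = "customer@example.com"
    msg["Subject"] = "Account statement"
    msg["Authentication-Results"] = "mx.example.com; spf=pass; dkim=pass; dmarc=pass"
    msg.set_content("Your monthly statement is attached.")
    msg.add_attachment(b"%PDF-1.4\n1 0 obj<<>>endobj\n%%EOF\n", maintype="application",
                       subtype="pdf", filename="Statement.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for raw in (build_phish(), build_legit()):
        report = triage(raw)
        print(report["subject"], "->", report["verdict"])
        for finding in report["findings"]:
            print("  -", finding)
        for name, digest in report["hashes"].items():
            print("  sha256", name, digest)
```

To triage a real message, save it from the mail client with "show original" / "download original" and call `triage(open("message.eml", "rb").read())`. The magic-byte check is deliberately independent of the file name, since that is the only part of the attachment the attacker controls freely; the hash is what you paste into VirusTotal's search box, which reveals whether the file is already known without sharing its contents.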

Why is it not advisable to pay the sums demanded by cybercriminals?

  • There is no guarantee that the attacker will honor the promise and restore access to the data.
  • Victims who pay can be targeted again by the attackers, because they have shown the criminals that they are willing to pay.
  • Every amount transferred helps ransomware developers build even more complex versions and increases the scale of the phenomenon. Attackers demand payment in virtual currency (Bitcoin, Litecoin, Ethereum, etc.), which makes the money hard to trace and practically impossible to recover.
