Malware alert! Crypto trading firms are under attack

By Faisal Saeed on
March 21, 2019
  -   Like us now!  

A Trojan-style malware is attacking Israeli fintech and cryptocurrency trading firms in an attempt to get revenge. This Cardinal RAT malware was also spotted several years ago in 2017 and went largely undetected for almost two years. It appears that the virus has returned and is going after the cryptocurrency trading firms again.

What the virus did before, was to enter into the computer using a downloader called Carp and uses Microsoft Excel’s documents to compile the source code into a program which then deploys the malware into the system.

However, the updated version of the malware has resurfaced which is evading “detection and hinder analysis”, according to the researchers from Palo Alto Networks’ Unit 42, an American multinational cybersecurity company.

See Also: Impostors pose as CIA agents to steal Bitcoins in new blackmail scheme

The latest version of the Cardinal RAT virus applies a number of techniques to go through the analyzing systems undetected and making it more difficult to find it. One of the techniques include steganography, it refers to a class of programming approach that are used to obscure messages, files, and other important data.

The virus is loaded into the victim’s computer through the data embedded into a Bitmap (BMP) image file during installation. It looks harmless from the surface but when the image is opened, the embedded code decodes itself and initiate the attack.

The malware steals your passwords, usernames, and other sensitive data which then it sends back to the malware operators giving them the power to steal your cryptocurrency.

According to the report from Unit 42, the malware operators perform the following actions;

  • Collect victim information
  • Update settings
  • Act as a reverse proxy
  • Execute command
  • Uninstall itself
  • Recover passwords
  • Download and Execute new files
  • Keylogging
  • Capture screenshots
  • Update Cardinal RAT
  • Clean cookies from browsers

Two Cardinal RAT attacks have been observed since 2017, and according to Unit 42 both times the victims were fintech companies based in Israel. A total of 13 reports have been received until now, which include nine from Israel, two from the US and one each from Austria and Japan.

Like our stories? Follow our Instagram for pictorial updates.Follow @techjuicepk

Facebook adds quoted replies in Messenger to better organize group chats
Punjab Land Record Authority to start issuing online record of ownership


NameDescriptionLink is a peer-to-peer bitcoin exchange, a site where you can list your own bitcoins for sale or buy bitcoins directly from other users.Buy Bitcoins
Coinmama lets you buy bitcoins with your credit card or cash.Buy Bitcoins
With Binance, you can buy and sell Bitcoins and altcoins easily. Get into Cryptocurrency trading on this exchange.Buy Altcoins
Coinbase is the easiest place to buy, use, and accept bitcoin, ethereum, and litecoin.Buy Bitcoins