LTS Secure Warning: Cardinal RAT Comes Back To Haunt Fintech & Cryptocurrency Trading Companies
Cardinal RAT has surfaced again, after being in the shadows for nearly two years & this time it is targeting companies in the Fintech & Cryptocurrency Trading sector.
Technical Details
The RAT is spread via a downloader dubbed “Carp“. It makes use malicious macros in Microsoft Excel documents to compile the embedded source code into an executable, which then deploys the RAT on the victim device.
This variant of the RAT make use of various obfuscation techniques like:-
- Steganography
- Bitmap (BMP) file technique
- Its functions, methods, and variables have been renamed to MD5 hashes
This makes the task of analyzing the underlying code very difficult.
Impact
- It captures real time as well as offline keystrokes.
- Upload & executing malicious files on the infected machines.
- Stealing system information and Login Credentials from victim device.
- Capture screenshots.
- Updating & uninstalling itself at will.
Recommended Actions
- Always update your anti-virus software with the latest releases.
- Ensure that your devices are always up-to-date with the latest patches released.
- Avoid Opening emails & attachments from unknown senders.