Today, ESET researchers published findings that illustrate how one of the newer cybercrime groups, RTM, has been deploying complex malware based in the Delphi programming language, that targets a type of business software known as Remote Banking Systems (RBS). The software is used to make bulk financial transfers. The findings, shared in a detailed white paper, explore the deployment of this sophisticated malware against targets in Russia and the surrounding region. The confirmed capabilities, especially in respect to spying, include: smart card reading, keylogging and real-time monitoring of banking-related activities.“From our analysis, the malware actively searches for export files common to popular accounting software mainly used in Russia,” explained Jean-Ian Boutin, Malware researcher at ESET.According to ESET research these files are likely to be of interest since they can contain details of bulk transfers, an intermediary step in RBS’ execution of payment orders. The criminals have the ability to extract some interesting information from the text files within, namely the recipient account details or the amount transferred, and thus profiting from their activities.RTM is not the first group to pursue this method of attack. Others like Buhtrap and Corkow have also targeted RBS users in the past, slowly building an understanding of the network and building custom tools to steal from corporate victims. “The growth in capabilities and methodology of groups like these, which are primarily targeting Russia at the moment, suggests that businesses in other parts of the world, vulnerable to similar attacks, are likely to be their next targets,”continued Boutin. To counter these threats, ESET advises all companies, regardless of the sector to employ Core cybersecurity best practices — including ongoing education for employees, implementing tools like two-factor authentication (2FA), encryption, and layered protection for systems and endpoints. To learn more about RTM’s activities and the tools they use, please refer to our complete white paper. IOCs for this threat can be found on our GitHhub account.
About ESET
Since 1987, ESET® has been developing record award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 200 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires. For more information visit www.eset.com or follow us on LinkedIn, Facebook and Twitter.
The Company has global headquarters in Bratislava (Slovakia), with regional distribution centers in San Diego (U.S.), Buenos Aires (Argentina), and Singapore. ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Singapore, Prague, Košice (Slovakia), Krakow (Poland), Montreal (Canada), Moscow (Russia). ESET Middle East has its regional office in Dubai Internet City and manages an extensive partner network in 11 countries: United Arab Emirates, Saudi Arabia, Kuwait, Qatar, Oman, Bahrain, Yemen, Lebanon, Jordan Egypt and Libya. More information is available via www.eset.com/me