Operation Buhtrap: New Malware Family Spying on Russian Business Computers

Next story
ESET

ESET Researchers have just published in-depth technical examination of Operation Buhtrap on WeLiveSecurity.com.


Activity of this malware family began late last year and continues to evolve, gathering data from Russian Windows users that allows cybercriminals to steal sensitive and smartcard information. Benefiting from the vulberable Russian Windows systems at risk, the campaign targets a large array on Russian banks. 


The studied infection vectors are Word documents exploiting CVE-2012-0158, spam recipients receive malicious Word attachment in attempt to lure victims into opening it.

"This campaign is yet another reminder to all of us to ensure that computers are properly protected and patched against vulnerabilities,” said Jean-Ian Boutin, Malware Researcher at ESET.“The techniques used by the cybercriminals are often associated with targeted attacks. It diverges quite a lot from the traditional banking malware we are familiar with. Once a computer on a network is compromised, the cybercriminals have access to several tools that will help them to first compromise other computers in the company and second, spy on the user and establish whether fraudulent banking transactions can be performed.”

 

Read more about Operation Buhtrap on WeLiveSecurity.com


Raphael Labaca Castro
Editor In Chief, WeLiveSecurity.com