Old malware rises back to life, now targeting forex and crypto traders

21 Mar, 2019 | Updated: 21 Mar, 2019
by Fifi Arisandi

An old piece of malware has reportedly risen from the dead and is now targeting forex and crypto traders.

The malware, called Cardinal RAT, was first seen in action in 2017 and managed to stay undetected for 2 years.

Like other trojan malware, it infects computers through a downloader, in this case Carp, delivered via Microsoft Excel macros, which deploys the malware after compiling the embedded source code into an executable.

Cardinal RAT has also been found embedding its code into a "harmless" Bitmap (BMP) image that infects the computer when opened.

Once it has successfully infected a computer, the malware does what it was created for: it attempts to steal passwords, user names and other sensitive data, then sends all of that data to its operators.

In more detail, according to researchers from Palo Alto Networks' Unit 42, who discovered the malware in the first place, the new Cardinal RAT can perform the following actions:

- Collect victim information
- Update settings
- Act as a reverse proxy
- Execute commands
- Uninstall itself
- Recover passwords
- Download and execute new files
- Log keystrokes
- Capture screenshots
- Update Cardinal RAT
- Clean cookies from browsers

Moreover, it is said to have sophisticated ways of avoiding detection by using steganography, a set of techniques for hiding files, messages and other data inside innocuous-looking files.
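As an added triage example (not from the article or from Unit 42's analysis), the check below parses a BMP header and flags any bytes appended past the declared pixel array, the simplest form of image steganography; it assumes an appended-payload carrier and would not catch data hidden in the pixel bits themselves. The sample images are constructed in the code.

```python
import math
import struct
from collections import Counter


def make_bmp(width, height, extra=b""):
    """Build a minimal 24-bit BMP (constructed sample, not a real Cardinal RAT carrier)."""
    row_bytes = (width * 3 + 3) & ~3          # rows are padded to 4-byte boundaries
    pixel_bytes = row_bytes * height
    file_size = 14 + 40 + pixel_bytes         # declared size covers headers + pixels only
    file_header = struct.pack("<2sIHHI", b"BM", file_size, 0, 0, 54)
    info_header = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                              pixel_bytes, 2835, 2835, 0, 0)
    return file_header + info_header + b"\x00" * pixel_bytes + extra


def shannon_entropy(blob):
    """Bits per byte; compiled or packed payloads tend to sit near 8.0."""
    if not blob:
        return 0.0
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in Counter(blob).values())


def analyze_bmp(data):
    """Compare the BMP header's own size claims with the bytes actually present."""
    if len(data) < 54 or data[:2] != b"BM":
        raise ValueError("not a BMP file")
    declared_size = struct.unpack_from("<I", data, 2)[0]
    pixel_offset = struct.unpack_from("<I", data, 10)[0]
    width, height = struct.unpack_from("<ii", data, 18)
    bpp = struct.unpack_from("<H", data, 28)[0]
    row_bytes = ((width * bpp + 31) // 32) * 4   # standard BMP row stride
    pixel_end = pixel_offset + row_bytes * abs(height)  # height < 0 means top-down
    trailing = data[pixel_end:]
    return {
        "declared_size": declared_size,
        "actual_size": len(data),
        "trailing_bytes": len(trailing),
        "trailing_entropy": round(shannon_entropy(trailing), 3),
        "suspicious": len(trailing) > 0 or declared_size != len(data),
    }


if __name__ == "__main__":
    print(analyze_bmp(make_bmp(4, 2)))                     # clean image
    print(analyze_bmp(make_bmp(4, 2, bytes(range(256)))))  # image with appended blob
```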

So far, there have been a total of 13 reports of attacks by the malware: 9 came from Israel, 2 from the US, 1 from Austria and 1 from Japan.

That said, only 2 of those attacks have been observed directly, namely those reported by Israel-based fintech companies.

According to The Next Web, Cardinal RAT finds its way onto devices through documents attached to spam messages that are sent specifically to forex and crypto traders.

To avoid the malware, the Unit 42 researchers suggested not opening emails from unknown external sources, as their attachments might contain malicious macros.

It seems that malicious actors have become more creative in their efforts to make quick money. Earlier last month, a new trojan called Razy, which infects browser extensions in an effort to steal crypto wallet passwords, was also reported by Kaspersky Lab researchers.

