Hackers Work Together to Build Better Bank Malware, Breach a Video-Sharing Site, and Steal $31M

Just another week in Threatwatch.

For the latest cyber incidents, follow Nextgov's regularly updated index, Threatwatch.

Researchers: Bank-Targeting Malware Sales Rise in Dark Web Markets

A variant of the Zeus banking Trojan is gaining in popularity in dark web forums, according to security researchers.

The malware targets point-of-sale systems through spear-phishing campaigns and RIG exploit kits, Threatpost reports.

“Rather than simply copying the features that were present within the Zeus trojan ‘as-is,’ Floki Bot claims to feature several new capabilities making it an attractive tool for criminals,” Talos researchers wrote.

A separate Flashpoint report, released after a collaborative analysis, states the malware is being peddled by a Portuguese-speaking actor who goes by “flokibot.”

“This actor is remarkable for a number of reasons, in particular their presence in a number of top-tier underground communities across a range of languages,” the report states.

Hackers tend to stick within their own language groups, so this actor's presence across several of them suggests Brazil-based hackers are working with Russian- and English-speaking communities to advance the malware's capabilities.

85M User Accounts Compromised From Video-Sharing Site Dailymotion 

A hacker stole 85.2 million user accounts from Dailymotion, a large video-sharing service.

The breach includes unique user names and email addresses and the hashed passwords for about 18 million users, according to an announcement Dec. 5 by breach notification service LeakedSource. The incident appears to have happened Oct. 20.

ZDNet confirmed the data came from Dailymotion, though it noted the type of hashing used on the passwords will make them difficult to crack.

Dailymotion on its blog suggested users change their passwords as a precaution or rely on token-based authentication.

Hackers Steal $31M From Russian Central Bank

Russian central bank officials said Dec. 2 hackers stole the equivalent of $31 million, though they were attempting to make off with more than double that.

A bank spokeswoman told The Wall Street Journal that although she could confirm the theft happened, she couldn’t say when it occurred. She also said the hackers targeted 5 billion rubles (about $79 million), but the bank was able to recover some funds.

Reuters reported the cyberattacks focused on the correspondent accounts of other financial institutions, using faked client credentials to access the system. Correspondent accounts allow money to move between different banks in multiple currencies both domestically and internationally.

This theft comes after high-profile cyberattacks on the financial services industry, including $81 million stolen from Bangladesh's central bank via the SWIFT messaging system and manipulation of ATMs around the world.