French Organizations Targeted by TinyNuke Banking Malware


Proofpoint researchers have discovered a new TinyNuke banking malware campaign targeting French organizations.

The campaign was seen targeting French companies, specifically those with operations in France. The banking malware was first spotted in 2017 and last seen in 2019.

“Proofpoint observed dozens of TinyNuke campaigns targeting French entities in 2018. After only observing a handful of TinyNuke campaigns in 2019 and 2020, Proofpoint observed TinyNuke reappear in January 2021 in one campaign distributing around 2,000 emails,” Proofpoint researchers said in their blog post.

“Subsequent campaigns appeared in low volumes in May, June, and September. In November, Proofpoint identified multiple TinyNuke campaigns distributing around 2,500 messages and impacting hundreds of customers.”

Threat actors were observed using invoice-themed lures purporting to be logistics, transportation, or business services entities. 

The messages contain download links to the compressed executable responsible for installing TinyNuke.

Researchers observed at least two distinct activity sets using TinyNuke, distinguished by their lure themes, payload deployment, and command and control (C2) infrastructure.

Threat actors were seen using legitimate, but compromised, websites to host the payload URL.

The following binaries are dropped to disk and executed.

C:\Users\[User]\AppData\Roaming\E02BC647BACE72A1\tor.exe

C:\Users\[User]\AppData\Roaming\E02BC647BACE72A1\firefox.exe

C:\Users\[User]\AppData\Roaming\putty.exe

C2 communications were observed over Tor.
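The dropped-file paths above give defenders a concrete host-based pattern to look for: tor.exe, firefox.exe or putty.exe running out of a user's AppData\Roaming tree rather than from Program Files. The following is an added detection example, not code from the Proofpoint write-up or from SecureReading; it runs over constructed, Sysmon-style process-creation records, and treating any 16-hex-character directory name under Roaming as the TinyNuke drop pattern (generalizing from the single E02BC647BACE72A1 directory on the page) is an assumption.

```python
import re
from pathlib import PureWindowsPath
from typing import Iterable, List, Optional, Tuple

# Binary names the write-up lists as dropped to disk by TinyNuke.
SUSPECT_NAMES = {"tor.exe", "firefox.exe", "putty.exe"}
# A user's AppData\Roaming tree; legitimate Firefox/PuTTY/Tor installs live elsewhere.
ROAMING_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\Roaming\\", re.IGNORECASE)
# Assumption: the drop directory is a 16-hex-character name like E02BC647BACE72A1.
HEX_DIR_RE = re.compile(r"^[0-9A-F]{16}$", re.IGNORECASE)


def classify(image_path: str) -> Optional[str]:
    """Return a finding label for a process image path, or None if it looks benign."""
    p = PureWindowsPath(image_path)
    if p.name.lower() not in SUSPECT_NAMES:
        return None
    if not ROAMING_RE.match(image_path):
        return None  # e.g. C:\Program Files\Mozilla Firefox\firefox.exe is expected
    if HEX_DIR_RE.match(p.parent.name):
        return "tinynuke-pattern:hex-dir"  # matches the tor.exe / firefox.exe drop shape
    return "suspicious:roaming-binary"  # matches the bare Roaming\putty.exe drop


def scan(events: Iterable[dict]) -> List[Tuple[str, str]]:
    """Scan process-creation records (each with an 'image' key) and return (image, label) hits."""
    findings = []
    for ev in events:
        label = classify(ev["image"])
        if label:
            findings.append((ev["image"], label))
    return findings


# Constructed sample events, not real telemetry; paths mirror the ones in the article.
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Mozilla Firefox\firefox.exe"},
    {"image": r"C:\Users\alice\AppData\Roaming\E02BC647BACE72A1\tor.exe"},
    {"image": r"C:\Users\alice\AppData\Roaming\E02BC647BACE72A1\firefox.exe"},
    {"image": r"C:\Users\alice\AppData\Roaming\putty.exe"},
    {"image": r"C:\Windows\System32\svchost.exe"},
]

if __name__ == "__main__":
    for image, label in scan(SAMPLE_EVENTS):
        print(f"{label:28} {image}")
```

In a real deployment the same two checks map directly onto a Sysmon Event ID 1 or EDR process-creation query keyed on the Image field.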

Once installed, the malware can be used for data and credential theft, with form-grabbing and web-inject capabilities for Firefox, Internet Explorer, and Chrome, and it can also install additional payloads.

“Of note, in most of the recent campaigns the actor has stayed consistent with using URLs to ZIP files and the continued use of Tor for C2 communications. The malware can be used for data and financial theft, and compromised machines may be added to a botnet under the control of the threat actor.”


The post French Organizations Targeted by TinyNuke Banking Malware appeared first on SecureReading.
