Trusteer says that the 18 month old file infecting worm Win32.Ramnit has morphed into financial malware and is actively attacking banks to commit online fraud.
Ramnit configurations captured and reverse engineered by the company were found to incorporate tactics from the Zeus financial malware platform. Ramnit has borrowed from Zeus the ability to inject HTML code into a web browser, which it is using to bypass two-factor authentication and transaction signing systems used by financial institutions to protect online banking sessions.
The financial malware version of Ramnit was discovered by Trusteer’s fraud analysts using the Pinpoint zero-day anomaly detection system and Flashlight remote incident investigation system. Ramnit’s command and control servers are located in Germany and are currently live. According to the Symantec Intelligence Report for July, Ramnit accounts for 17.3 percent of all new malicious software infections. This number is consistent with Trusteer's findings that tens of thousands of machines used for online banking are currently infected with Ramnit.
Ramnit was first detected in 2010 and targets .EXE, .SCR, .DLL. .HTML and other file types. File infection is an old school virus technique that is rarely seen in modern financial malware. The evolution of Ramnit into a fraud tool was made possible when the source code of the notorious Zeus financial malware platform was made freely available on the Internet earlier this year. Since then, fraudsters and malware authors have borrowed parts of the Zeus toolkit and incorporated into other malware. Trusteer researchers found the method used to configure Ramnit to target a specific bank is identical to the one used by Zeus. This allows fraudsters who have written configurations for Zeus to easily port their configuration to Ramnit.
“The metamorphosis of Ramnit into financial malware is a sign of things to come now that the Zeus source code has been made openly available to anyone on the internet,” says Amit Klein, CTO of Trusteer. “Unlike the past, when financial institutions had to defend against a limited number of malware platforms, attacks can now come from virtually any malicious software program - old or new. The malware distribution channel for fraudsters has increased in scale significantly.”
Latest News
-
UK court confirms shutdown of payments firm over crime concerns
-
Visa and OpenAI partner to enable secure agentic AI payments
-
Citi hires new MD for consumer and retail investment
-
Rabobank, ING, Credit Agricole ‘consider stake in Belgium-owned bank’
-
Visa and Mastercard win preliminary approval for $38bn swipe fee settlement
-
UK watchdog investigates auditors linked to collapsed lender MFS
Creating value together: Strategic partnerships in the age of GCCs
As Global Capability Centres reshape the financial services landscape, one question stands out: how do leading banks balance in-house innovation with strategic partnerships to drive real transformation?
Data trust in the AI era: Building customer confidence through responsible banking
In the second episode of FStech’s three-part video podcast series sponsored by HCLTech, Sudip Lahiri, Executive Vice President & Head of Financial Services for Europe & UKI at HCLTech examines the critical relationship between data trust, transparency, and responsible AI implementation in financial services.
Banking's GenAI evolution: Beyond the hype, building the future
In the first episode of a three-part video podcast series sponsored by HCLTech, Sudip Lahiri, Executive Vice President & Head of Financial Services for Europe & UKI at HCLTech explores how financial institutions can navigate the transformative potential of Generative AI while building lasting foundations for innovation.
Beyond compliance: Building unshakeable operational resilience in financial services
In today's rapidly evolving financial landscape, operational resilience has become a critical focus for institutions worldwide. As regulatory requirements grow more complex and cyber threats, particularly ransomware, become increasingly sophisticated, financial services providers must adapt and strengthen their defences. The intersection of compliance, technology, and security presents both challenges and opportunities.
© 2019 Perspective Publishing Privacy & Cookies
Recent Stories