Australia a top target for banking Trojan


By Dylan Bushell-Embling
Wednesday, 12 October, 2016

Australia is one of the top targets of Odinaff, a new Trojan used in multiple high-level financial attacks, according to an analysis by Symantec.

Since emerging in January, Odinaff attacks have hit a range of regions. While the US is the most frequently targeted region (25%), Hong Kong (20%) and Australia (19%) are not far behind.

The Trojan is typically deployed during the first stage of an attack to gain a foothold on the network. It provides attackers with a persistent presence and the ability to install additional tools on the infected network.

The Odinaff attacks use some of the infrastructure previously used in the high-profile Carbanak financial industry malware campaigns — suggesting some links to the Carbanak group — and use a similar model.

Estimated losses to Carbanak-linked attacks range from tens to hundreds of millions of dollars, Symantec said.

Among incidents where the target's business sector was known, the financial sector was by far the most frequent target of Odinaff-related attacks. Even where the target's business sector was unknown, many of the attacks were against computers running financial software applications.

One of the most common distribution methods involves spreading Odinaff through documents containing a malicious macro.

While Odinaff is used to perform the initial compromise, other tools are used to complete the attack. A popular follow-up malware is Batel, which is capable of running commands solely in memory to avoid detection.

“The discovery of Odinaff indicates that banks are at a growing risk of attack. Over the past number of years, cybercriminals have begun to display a deep understanding of the internal financial systems used by banks,” the Symantec Security Response team said in a blog post.

“They have learned that banks employ a diverse range of systems and have invested time in finding out how they work and how employees operate them. When coupled with the high level of technical expertise available to some groups, these groups now pose a significant threat to any organization they target.”

