Banking Trojan Uses NSA-Linked Exploit

Discussion in '0-day Release' started by silversurfer, Sep 26, 2017.

  1. silversurfer


    Newly observed Retefe banking Trojan samples have implemented the National Security Agency-related EternalBlue exploit, Proofpoint security researchers have discovered.

    Unlike previous malware attacks that exploited EternalBlue, however, the new campaign doesn’t abuse it to spread in an infinite loop. In fact, the exploit-carrying samples are distributed via spam emails, while the version dropped via EternalBlue lacks the exploit.

    EternalBlue is an NSA-linked tool that became public in April, one month after Microsoft released a patch for it. The exploit leverages a vulnerability in Windows’ Server Message Block (SMB) on port 445, allowing attackers to have malicious code automatically executed on vulnerable systems.

    The exploit became highly popular after being abused in the massive WannaCry ransomware campaign that unfolded in May this year. Other malware, however, had been abusing it for weeks.
