The cybersecurity firm Palo Alto Networks has revealed in a blog report that fintech and cryptocurrency trading firms in Israel have been the target of malware dubbed Cardinal RAT since as early as 2017.
The Unit 42 research department revealed that there have been at least two known large-scale attacks on Israeli fintech firms since the malware first surfaced.
What is Cardinal RAT?
The malware in question is a Remote Access Trojan (RAT) that allows full control of the device from a remote location. The trojan operates in silence.
The software collects all the data of the target and then wipes its presence from the device through a complete uninstall of the applications. The malware steals the data by recording key presses and sending the data off-site through the internet before wiping itself clean.
Other attacks
The report by the security firm further reveals that the said fintech firms have been attacked by similar malware in the past as well. That malware, named EVILNUM, was built on JavaScript, and the new malware seems to be built on the same principles.
The report adds that both malware families have even attacked the same fintech firms at the same time. The report, however, does not reveal any information on whether any data was stolen during the malware attacks.