6.4.21

New banking trojan Janeleiro targets Brazilian companies, discovered by ESET Research

 

ESET Research has discovered a new banking trojan that has been targeting Brazilian companies since 2019 in sectors such as engineering, healthcare, retail, manufacturing, finance, transportation and government institutions. ESET has named this new threat Janeleiro.

It attempts to deceive its victims with pop-ups that look like the websites of some of the largest Brazilian banks. It then prompts the victims to enter their banking credentials and personal information. It can control windows on the screen, collect information about them, kill chrome.exe (Google Chrome), take screenshots, log keystrokes and monitor mouse movements, and it can also hijack the clipboard to replace bitcoin addresses with those of the criminals, all in real time.

For its core implementation, Janeleiro uses the same model as many other malware families, but it differs from them in aspects such as the coding language. Banking trojans in Brazil have all been written in the same programming language, Delphi; Janeleiro is the first to be written in .NET. Other distinguishing characteristics are: no obfuscation or custom encryption, and no defenses against security software.

Most of Janeleiro's commands are for controlling windows, the mouse and the keyboard, as well as its fake pop-up windows. According to Facundo Muñoz, the ESET researcher who discovered the malware, "the nature of a Janeleiro attack is not characterized by its automation capabilities, but rather by a hands-on approach: often the operator must adjust the pop-up windows via commands executed in real time."

"It appears that this trojan has been in development since 2018, and that in 2020 its command processing was improved to give the operator better control during the attack," explains Muñoz. He continues: "The experimental nature of Janeleiro, going back and forth between different versions, reveals a hacker who is trying to find the right way to manage his tools, but who does not lack experience in following the unique blueprint of many South American malware families."

This hacker is comfortable using the GitHub repository website to store his modules, administer his organization page, and upload new repositories every day. Those repositories hold the files with the lists of C&C servers that the trojans retrieve in order to connect to their operators. When a banking-related keyword is found on a victim's computer, the trojan immediately tries to retrieve the addresses of its C&C servers from GitHub and connect to them. The fake pop-up windows are created dynamically on demand and are controlled by the attacker through commands. ESET notified GitHub of this activity, but at the time of writing no action had been taken against the organization page or the user account.

For more technical details about Janeleiro, read the blog post "Janeleiro, the time traveler: A new old banking trojan in Brazil" at https://www.welivesecurity.com/.

For the latest news, follow ESET Research on Twitter.


Are you prepared to prevent data loss?

 


From losing cherished memories to missing deadlines, the impact of not having backups when a data disaster strikes can hardly be overstated

By Amer Owaida

Losing valuable data is one of the worst things that can happen to anyone – digitally, at least. Imagine losing critical data that you need to deliver a time-sensitive project with a deadline looming, like a school assignment – or documents needed when you’re applying for a grant, or even a freelance job you’ve taken on.

World Backup Day was envisioned as a way to help raise awareness of the fact that data loss costs people dearly and that it pays to be prepared. To mark this special day, we’ve dissected the various aspects of not having a backup when experiencing data loss, and what to do in case that happens to you.

What are the impacts of data loss?

Imagine you have lost that critical, not backed-up data for a time-sensitive project. The time you spend trying to either recover the information by some miracle, or having to go through researching, compiling, and rewriting it – this all translates into being less productive and maybe even delivering an inferior product. You also can’t make up for the time lost doing that and therefore you’d be operating on a tight deadline and possibly miss out on an opportunity in the end. And some opportunities don’t come around that often, do they?

The impact of data loss may vary depending on what kind of data is lost, and when during your process it happens. Had you regularly backed up all the important data during your workflow, most of your stress and headaches could have been avoided simply by jumping back into the process where you left off after restoring the lost data from your backup. Besides losing data instrumental to your work, such losses can be even more gut-wrenching if you lose pictures, or videos capturing cherished memories that you won’t be able to recreate. These may range from marriage proposals to childhood memories, or even photos of family members who have long passed on.

How does your data get lost?

There are multiple ways you could lose your precious data; some are avoidable while others are more difficult to predict and prevent. Getting your device infested with malware is one way you could lose your data; depending on the malicious code, your computer could either get entirely wiped, your data corrupted, or – if you stumble upon ransomware – your data could get locked up. This specific cause of data loss belongs in the realm of the avoidable if you use a full-featured security solution and apply cybersecurity best practices.

Meanwhile, on the other end of the spectrum, we have unforeseeable events or accidents. Your device could get stolen, or it could suffer mechanical damage like spilling liquids on it or falling from a significant height. Beyond mechanical damage, it isn’t uncommon for devices to malfunction, either due to age or a manufacturing defect affecting a specific component, like your hard disk overheating. Power outages are also a thing that can occur, which means if you’re working on a desktop, you could lose the data you’re working on in the blink of an eye. Then you also have to factor in human error, which could result in critical data being accidentally deleted, or set off a chain of events that could possibly even lead to your device being completely wiped.

I don’t have a backup – what do I do?

If your data has been accidentally deleted, stop using the device immediately, but do not turn it off. If it is battery-powered, put it on its charger. Now disable all network connectivity – if it has a “flight mode” or similar, enable that and then put it in “sleep mode”.

However, if your device has suffered an accidental liquid spill, immediately turn it off and try to quickly dry it with a soft dry cloth; if any external media is connected, unplug it and dry that off too. Leave it a few days to dry completely; depending on the amount of liquid damage, you may have to consult a professional service.

Fortunately, even if one of the aforementioned scenarios happens, you’re not totally out of luck yet. There are ways you can try to recover your data. If your device was compromised with ransomware, you may be able to find free decryptors created by security companies to address various strains. You can also try to get your data back by using various recovery software that was specifically developed for this purpose. These utilities can either be from the manufacturer of your device or developed by the producer of the components, or alternatively, you can rely on third-party software that can be specific to certain operating systems or devices.

If you’ve run out of DIY options or feel that you are out of your depth, then you can call in the cavalry in the form of a data recovery specialist. However, consider that to be the nuclear option that may set you back hundreds or even thousands of dollars to get your data back. It’s also worth mentioning that if you attempt to do any DIY recovery and it doesn’t work, you may reduce the chances of a professional being able to help you.

Depending on the type of device and type of damage, such services may be offered by remotely connecting to your device or require you to take or ship the device to the recovery service. If considering this option, contact the service as soon as possible as its staff will have advice on exactly what is best to do with your device following the data loss event.

Summary

One thing is for sure: “prevention is better than cure”. In this context, backing up your sensitive and important data at regular intervals, so you always have something to fall back on, is preferable to frantically trying to recover lost data. When it comes to planning your backups, it is better to have several mediums where you have saved any precious memories or mission-critical data.

The best thing you can do is use multiple forms of storage: a reputable cloud solution, so you have the data on hand whenever you need it, and offline physical storage devices like external drives. For good measure, you should always encrypt all your data as well before you store it anywhere, so that even if someone steals your cloud backups or your external drives, your data is protected.