An Italian cybersecurity company has discovered a financial fraud campaign that has been targeting corporate banking clients since 2019. This campaign uses a web-inject toolkit called drIBAN, which allows attackers to bypass anti-fraud systems and transfer money to their own or affiliated bank accounts. The attackers use phishing emails with an executable file to download the reconnaissance tool sLoad, which collects and exfiltrates data to assess the target and drop more significant payloads like Ramnit. sLoad also uses Windows tools and checks a predefined list of corporate banking institutions to determine if the hacked workstation is a target. If successful, the botnet operators install Ramnit to initiate banking fraud operations.
Source: Hackernews
To mitigate these potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA (www.infrascan.net), or you can try it yourself using check.website.