Palo Alto’s Research Division Detects Malware Targeting Israeli Crypto Firms

Malware attacks have always been one of the main concerns of the cryptocurrency sector. Palo Alto’s research division, Unit 42, detected malware targeting two Israeli FinTech and crypto software trading companies. According to the reports, the malware in question was Cardinal RAT (Remote Access Trojan), which was first discovered in 2017.

The researchers suggested that the payload of the latest version of Cardinal RAT doesn’t differ much from the original in its mode of operation. According to the report, when the RAT enters a victim’s computer, it rapidly steals vital information, updates the settings, acts as a reverse proxy, and executes some malicious commands before it completely deletes itself from the system.

In a blog post, Palo Alto Networks revealed that Israel’s FinTech and crypto trading companies have been targeted by malware called Cardinal RAT since 2017. Research department Unit 42 revealed that at least two known large-scale attacks on Israeli FinTech firms have occurred since the malware first surfaced.

According to Unit 42 –

“An older version of the Cardinal RAT malware was first discovered in April 2017 as it attempted to investigate the cause of an attack on two Israeli firms developing crypto and forex trading software.”

The report added –

“The attacker could access the victim’s personal information with this malware, capture screenshots, clean browser cookies, uninstall itself from the victim device, execute commands, retrieve passwords, download and execute new files, and update settings.”

Although the details of the two firms building software for cryptocurrency and Forex trading firms have not been revealed, the implications of this malware attack can be harmful. This depends entirely on the platform’s key operations, such as whether they had customer information stored on their devices.

In a statement, Unit 42 said –

“Through lure documents attached to spam messages sent to individuals thought to operate as Forex and cryptocurrency traders, the malicious files find their way into machines.”