A new Trojan known as “Silence” has been spotted by security analysts, who confirmed that a group of highly trained and organized hackers is taking control of multiple bank accounts to steal millions of dollars.
The attack has been confirmed to be a widespread occurrence in countries around the globe.
Unlike traditional hacking attempts that target bank accounts, the hackers insert a Trojan into the user accounts of hundreds of people across the globe in different banking networks.
They continuously monitor the activities of every individual as the malware sends them live video feeds.
This process makes it easier to confirm the sum a person has in their account before they make use of the credentials available and transfer the money to their own accounts.
The issue was first spotted by the security firm Kaspersky Lab.
Being an anti-virus and anti-malware development company, the Kaspersky research team often scouts the internet to find new signs of viruses, ransomware or spyware.
They managed to find the new Trojan named Silence, which was being used by a Russian-speaking hacking team. According to the Kaspersky report, the hacking group had already gained access to 10 different financial institutions.
Most of the affected banks are located in Russia, but some were also spotted in Malaysia and Armenia.
The problem with this attack is that even though the banks are physically located in the regions where they are headquartered, they are still reputable institutions that hold funds from people worldwide, which is how the hackers managed to gain access to millions of dollars through multiple attempts.
The attacking style was similar to one previously carried out by a notorious hacking group called Carbanak, which also targets banks.
The method involved sending phishing emails to all the targeted victims, and everyone who opened these messages would then fall into the trap set by the hackers.
Unlike other hacking attempts, this particular unidentified group, which allegedly operates from Russia, doesn’t try to log in to random accounts.
Instead, they make use of the Silence Trojan to leisurely study a victim’s activities and record their username and password, among other credentials.
When the hackers have solid evidence that a large sum of money is available in the victim’s account, they then log in and initiate the transfer.
At other times, the hacking group simply lurks on multiple computers and accounts, scouting for money.
Such a technique allows them to stay online for weeks and months, while security authorities may not be able to nab them as there are no clear indicators for when or where they will strike next.
Another important discovery made by the Kaspersky Lab researchers is that the hacking group is strongly focused on banks and banking networks which were previously hacked.
The investigation is ongoing to determine whether they are using possible security loopholes that were left unattended during past attacks.
The phishing emails are sent to real accounts, which are rumored to have been purchased in bulk quantities from the dark web.
The phishing email asks the customer to follow some simple procedures to open a new account for themselves or another known person.
Following these steps leads to a file download that gets the malware onto the computer, and the hacking team will soon be able to monitor all activities from their command and control server.
The Kaspersky researchers concluded that the team may be based in Russia after they discovered Russian codes in the Silence Trojan.
Once the file is successfully downloaded onto the system, it provides the attackers with multiple screenshots of what users are doing on their devices. A live stream is initiated when required.
An earlier attack by the Carbanak hacking group used a similar technique to find people with large quantities of money in their bank accounts, and then make off with that money.
Though it is presently unclear whether the Carbanak hacking group is linked to the Silence Trojan, there are certainly some similarities in the method of attack.
So far, the hacking team behind the Silence malware has already gained access to more than 10 banks without any difficulty.
This is possible because they have the right user credentials to log in as the real user would and strike at the right moment.