New “Silence Malware” Targets Financial Organizations

Financial organizations in multiple regions, including Russia, Armenia, and Malaysia, have been targeted by the new Silence crew in a series of ongoing attacks. The attackers gain access to a victim's infrastructure and keep that access for an extended period without being detected, using the time to understand the internal processes before stealing cash.

The Silence attacks begin with spear phishing emails. The message comes with a malicious attachment in the form of a Windows help (.CHM) file, which runs once the document has been opened. JavaScript embedded in the file automatically downloads and executes a Visual Basic script, which in turn downloads a malware dropper from a command and control server.
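A mail-gateway style check for the delivery vector described above, as an added example that is not taken from the Kaspersky Lab report or from any product. It flags attachments that carry a `.chm` extension or start with the `ITSF` signature of compiled HTML Help files, so a CHM renamed to another extension is still caught; the function names, addresses and sample payloads are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

CHM_MAGIC = b"ITSF"  # first four bytes of a compiled HTML Help (.chm) file

def find_chm_attachments(raw_message: bytes):
    """Return (filename, reason) for each MIME part that looks like a CHM file."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        body = part.get_payload(decode=True) or b""
        has_magic = body.startswith(CHM_MAGIC)
        has_ext = name.lower().endswith(".chm")
        if has_magic and has_ext:
            hits.append((name, "chm"))
        elif has_magic:
            hits.append((name, "chm-content-under-other-name"))
        elif has_ext:
            hits.append((name, "chm-extension-only"))
    return hits

def build_sample(filename: str, content: bytes) -> bytes:
    """Constructed test message; addresses and subject are made up."""
    m = EmailMessage()
    m["From"] = "employee@bank.example"
    m["To"] = "clerk@otherbank.example"
    m["Subject"] = "Request to open an account"
    m.set_content("Please see the attached document.")
    m.add_attachment(content, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

# Constructed payloads: only the 4-byte signature is real, the rest is padding.
FAKE_CHM = CHM_MAGIC + b"\x00" * 60
FAKE_PDF = b"%PDF-1.4\n" + b"\x00" * 60

if __name__ == "__main__":
    for fname, data in [("contract.chm", FAKE_CHM),
                        ("contract.doc", FAKE_CHM),
                        ("contract.pdf", FAKE_PDF)]:
        print(fname, find_chm_attachments(build_sample(fname, data)))
```

Because the campaign sends mail from real employee addresses at already compromised institutions, the check keys on the attachment itself rather than on sender reputation.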

The code is written in the Russian language, which has led researchers to the conclusion that the attack group is Russian-speaking. Once downloaded and installed on the system, the malware allows the attackers to take multiple screenshots of the victim’s active screen, providing a real-time stream.

A Kaspersky Lab report stated:

“The criminals exploit the infrastructure of already infected financial institutions for new attacks, by sending emails from real employee addresses to a new victim, along with a request to open a bank account.”

“The analysis of this case provides us with a new Trojan, apparently being used in multiple international locations, which suggests it is an expanding activity of the group. The Trojan provides monitoring capabilities similar to the ones used by the Carbanak group.”

Security researchers note that this campaign has been successful in attacking financial institutions, no matter where in the world they are based or what their network infrastructure looks like.