Bredolab Trojan attack uses job applications, nets hackers $150K

The FBI said attackers are emailing businesses malicious job applications containing malware that steals banking credentials and wire-transfers stolen money to the Ukraine.

The FBI is warning businesses of an ongoing Bredolab Trojan campaign that targets postings on legitimate job posting websites and has so far netted cybercriminals $150,000.

Cybercriminals responded to online job postings with email messages containing malware-laden job applications. The malware allowed the attacker to obtain the online banking credentials of the person who was authorized to conduct financial transactions within the company.

"The malicious actor changed the account settings to allow the sending of wire transfers, one to the Ukraine and two to domestic accounts," the FBI said.

Investigators determined that the malware is a Bredolab variant, connected to the Zeus Trojan, a banking Trojan commonly used to target businesses. Bredolab has been quickly spreading via email messages and drive-by downloads, according to Symantec.

The cybercriminals behind Bredolab use automated attack tools to spread the malware. Social engineering tricks make emails seem legitimate in order to deceive the user. Symantec said it has detected Bredolab variants in Western Union free money spam messages, spoofed UPS Delivery failure notices and fake Facebook password-change messages.

In October, Dutch authorities announced that computer teams took out the Bredolab botnet, seizing and disconnecting more than 100 command-and-control servers. Bredolab is thought by some experts to have infected at least 30 million computers.

Security experts say employees should not trust email attachments from people they do not know, and should check attachments with an antivirus scan prior to opening them. The FBI also recommends that businesses use separate computer systems to conduct financial transactions.

~Robert Westervelt
