Security News > 2023 > January > BitRAT malware campaign uses stolen bank data for phishing
Threat actors behind a recent malware campaign have been using the stolen information of bank customers in Colombia as lures in phishing emails designed to infect targets with the BitRAT remote access trojan, according to cloud security firm Qualys.
The company found that the infrastructure of an undisclosed Colombian cooperative bank had been hijacked by attackers while investigating BitRAT lures in active phishing attacks.
A total of 418,777 records containing sensitive customer data, including names, phone numbers, email addresses, addresses, Colombian national IDs, payment records, and salary information, were stolen from the breached servers.
"Moreover, the lures themselves contain sensitive data from the bank to make them appear legitimate. This means that the attacker has gotten access to customers' data," Qualys said.
Since at least August 2020, BitRAT has been sold as off-the-shelf malware on dark web markets and cybercrime forums for as little as $20 for lifetime access.
The highly versatile BitRAT can be used for a variety of malicious purposes, including recording video and audio, data theft, DDoS attacks, cryptocurrency mining, and delivering additional payloads.
News URL
Related news
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies (source)
- Android malware "FakeCall" now reroutes bank calls to attackers (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)