A new version of the “Carbanak” malware has recently been analysed by cyber-security researchers. Such versions of Carbanak have appeared in Europe and the United States, which are priority targets for the hackers.
We already know that Carbanak, aka “Anunak”, is a virus which has been used to steal approximately one billion dollars since its appearance. The hackers who distribute it are believed to operate from Russia, Ukraine and (possibly) China.
The targets are in fact businesses directly, not their users: more than a hundred banks, e-payment systems and financial institutions, in some thirty countries, have fallen victim to the hackers.
Targets are investigated and sorted prior to an attack. To avoid attracting attention, the malware is only deployed on a small population of computers.
The malware source code is digitally signed. Data contained in the signature relate to a company based in Russia, which is suspected of receiving the proceeds of fraudulent transactions connected to the virus.
Code designed to be deployed on a small number of precise targets, in order to be undetectable, is characteristic of what researchers refer to as financial malware.
* A digital signature is a scheme for authenticating a message, document or piece of software.