FIN8 gang uses new Badhatch malware to steal map data

The cybercriminal grouping FIN8 conducts regular malicious campaigns. Their main task is to steal credit cards’ data.

Hackers use new malicious program developed for attacks on POS-terminals.

The group has been strongly financially motivated.

Currently, Gigamon’s researchers have discovered Badhatch malware, which has never been noticed anywhere before. FIN8 cybercriminals have used this very program in their recent operations.

Badhatch is responsible for the initial phase of the attack – its task is to research victim’s network.

“BADHATCH’s first stage loads an embedded, second-stage DLL into memory. When this DLL is executed it is injected into a svchost.exe proecss or explorer.exe. It then begins beaconing to a hard-coded C2 IP using TLS encryption, sending over a host identification string as well as details on the infection machine’s OS version and bitness”, — say in Gigamon.

He can also install the PoSlurp program, designed to intercept data of payment cards that pass through POS terminals.

Read also: German banks refuse to support authorization by one-time SMS-code

Gigamon specialists conducted reverse engineering of the malware, making it possible to establish that FIN8 uses it in conjunction with other custom backdoors.

“Badhatch differs as it uses an alternative and atypical channel of communication with the command server C & C”, – experts explain.

FIN8 cybercriminals are trying to deploy multiple backdoors on the victim’s network to create an additional foothold. This helps in the case of detection of the basic malicious component.

Apparently, Badhatch is a unique malware designed by FIN8 specifically for its purposes.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button