Polish banks on alert after mystery malware found on computers

The source of infection might have been a Polish government agency's website

The discovery of malware on computers and servers of several Polish banks has put the country's financial sector on alert over potential compromises.

Polish media reported last week that the IT security teams at many Polish banks have been busy recently searching their systems for a particular strain of malware after several unnamed banks found it on their computers.

It's not clear what the malware's end goal is, but in at least one case it was used to exfiltrate data from a bank's computer to an external server. The nature of the stolen information could not be immediately determined because it was encrypted, Polish IT news blog Zaufana Trzecia Strona reported Friday.

To make things worse, it's believed that the likely point of infection was the website of the Polish Financial Supervision Authority, a government watchdog for the banking sector. Independent cybersecurity outfit BadCyber found evidence that malicious JavaScript code had been injected into the agency's website from October until a few days ago, when the entire website was taken offline.

After the malware program is downloaded and executed on a computer, it connects to remote servers and can be used to perform network reconnaissance, lateral movement and data exfiltration, the BadCyber researchers said in a blog post.

The malware is similar to other crimeware tools, but has not been documented before. According to BadCyber, it has multiple stages and obfuscation layers and is not detected by most antivirus solutions. The final payload exhibits remote access Trojan (RAT) functionality.

The cybersecurity outfit has shared file hashes and command-and-control IP addresses associated with the threat in their blog post.

The Polish Financial Supervision Authority did not immediately respond to a request for comment and neither did the Polish Computer Emergency Response Team (CERT Polska).

The www.knf.gov.pl website, which is suspected to be the source of the malware infection, currently displays a temporary page informing visitors that access to the website is blocked.

If this scenario is true, it would be a classic watering hole attack, where hackers compromise and host malicious code on websites that are of interest to their intended victims.
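A site owner's first line of defence against the kind of injection described above is to audit the published pages against a known-good snapshot. The following Python script is an added illustration and is not code from the article, from BadCyber or from the Polish authority: it parses a page, flags any `<script src>` that points at a host outside an allowlist, and hashes every inline script so that bodies absent from the known-good baseline stand out. The HTML and the hostnames in it are constructed placeholders, not indicators from the incident.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed known-good snapshot of a page (placeholder hostnames, not real sites).
BASELINE_HTML = """
<html><head>
<script src="/static/js/app.js"></script>
<script src="https://www.example-agency.test/static/jquery.js"></script>
<script>var tracking = 1;</script>
</head><body>content</body></html>
"""

# Constructed "live" copy of the same page with two injected elements:
# an external loader from an unrelated domain and an extra inline script.
LIVE_HTML = """
<html><head>
<script src="/static/js/app.js"></script>
<script src="https://www.example-agency.test/static/jquery.js"></script>
<script type="text/javascript" src="https://cdn.attacker-placeholder.test/view.js"></script>
<script>var tracking = 1;</script>
<script>var injected = 1;</script>
</head><body>content</body></html>
"""

ALLOWED_SCRIPT_HOSTS = {"www.example-agency.test"}  # hosts the template may load code from


class ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies from an HTML document."""

    def __init__(self):
        super().__init__()
        self.external = []      # values of src= on <script> tags
        self.inline = []        # bodies of <script> blocks without src=
        self._in_inline = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = next((v for k, v in attrs if k.lower() == "src" and v), None)
        if src:
            self.external.append(src)
        else:
            self._in_inline = True
            self._buf = []

    def handle_data(self, data):
        # HTMLParser hands the raw body of <script> through handle_data.
        if self._in_inline:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_inline:
            self.inline.append("".join(self._buf).strip())
            self._in_inline = False


def sha256_text(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def build_inline_baseline(html):
    """Hashes of every inline script body in a known-good copy of the page."""
    c = ScriptCollector()
    c.feed(html)
    return {sha256_text(body) for body in c.inline}


def audit_page(html, allowed_hosts, baseline_inline_hashes):
    """Return (kind, detail) findings: unexpected external hosts and unknown inline scripts."""
    c = ScriptCollector()
    c.feed(html)
    findings = []
    for src in c.external:
        host = urlparse(src).hostname       # None for relative (same-origin) URLs
        if host and host.lower() not in allowed_hosts:
            findings.append(("external-script", src))
    for body in c.inline:
        digest = sha256_text(body)
        if digest not in baseline_inline_hashes:
            findings.append(("inline-script", digest))
    return findings


if __name__ == "__main__":
    baseline = build_inline_baseline(BASELINE_HTML)
    for kind, detail in audit_page(LIVE_HTML, ALLOWED_SCRIPT_HOSTS, baseline):
        print(f"{kind}: {detail}")
```

Run periodically against the served page (not the files on disk, since an injection may live in a template, a proxy or a CDN layer), the check reports the two constructed injections and nothing else; relative URLs are treated as same-origin and are not flagged, so the allowlist only needs to name third-party hosts the template genuinely uses.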

There is no indication at this time that funds have been stolen or that customers' accounts have been put at risk. However, the number of attacks against banks and other financial institutions has increased over the past two years.

There are now cybercriminal groups that specialize in hacking into banks' computer networks. Some of them wait for months inside the compromised networks before they start stealing money. During this time they carefully observe and gather information about the target's internal procedures, money-moving processes, and key employees.

"We should expect that cybercriminals will find more creative and reliable ways to compromise their victims," said Ilia Kolochenko, CEO of cybersecurity firm High-Tech Bridge. "Trustworthy websites, such as governmental ones, represent great value for cybercriminals, even if they don't host any sensitive or confidential data."

Lucian Constantin

IDG News Service