Polish banks on alert after mystery malware found on computers

The source of infection might have been a Polish government agency's website

The discovery of malware on computers and servers of several Polish banks has put the country's financial sector on alert over potential compromises.

Polish media reported last week that the IT security teams at many Polish banks have been busy recently searching their systems for a particular strain of malware after several unnamed banks found it on their computers.

It's not clear what the malware's end goal is, but in at least one case it was used to exfiltrate data from a bank's computer to an external server. The nature of the stolen information could not be immediately determined because it was encrypted, Polish IT news blog Zaufana Trzecia Strona reported Friday.

To make things worse, the likely point of infection is believed to be the website of the Polish Financial Supervision Authority, a government watchdog for the banking sector. Independent cybersecurity outfit BadCyber found evidence that malicious JavaScript code had been injected into the agency's website from October until a few days ago, when the entire website was taken offline.

After the malware program is downloaded and executed on a computer, it connects to remote servers and can be used to perform network reconnaissance, lateral movement and data exfiltration, the BadCyber researchers said in a blog post.

The malware is similar to other crimeware tools, but has not been documented before. According to BadCyber, it has multiple stages and obfuscation layers and is not detected by most antivirus solutions. The final payload exhibits remote access Trojan (RAT) functionality.

The cybersecurity outfit has shared file hashes and command-and-control IP addresses associated with the threat in its blog post.

The Polish Financial Supervision Authority did not immediately respond to a request for comment and neither did the Polish Computer Emergency Response Team (CERT Polska).

The www.knf.gov.pl website, which is suspected to be the source of the malware infection, currently displays a temporary page informing visitors that access to the website is blocked.

If this scenario is true, it would be a classic watering hole attack, where hackers compromise and host malicious code on websites that are of interest to their intended victims.

There is no indication at this time that funds have been stolen or that customers' accounts have been put at risk. However, the number of attacks against banks and other financial institutions has increased over the past two years.

There are now cybercriminal groups that specialize in hacking into banks' computer networks. Some of them wait for months inside the compromised networks before they start stealing money. During this time they carefully observe and gather information about the target's internal procedures, money-moving processes, and key employees.

"We should expect that cybercriminals will find more creative and reliable ways to compromise their victims," said Ilia Kolochenko, CEO of cybersecurity firm High-Tech Bridge. "Trustworthy websites, such as governmental ones, represent great value for cybercriminals, even if they don't host any sensitive or confidential data."


Lucian Constantin

IDG News Service