Strains of Mutant Malware Increasingly Evading Anti-Virus to Rob Bank Accounts, Says Akouto

TORONTO, Aug. 29, 2017 /PRNewswire/ — Cybersecurity experts from Akouto have found a big increase in new kinds of harmful software that regular anti-virus tools can’t catch. Most of these attacks aim to steal private information and money through online banking scams.

A small business owner in Ontario first realized there was a problem when their bank called about some suspicious money transfers, which might have been done by hackers. The company checked all their computers and ran anti-virus scans, which showed no viruses. However, to be extra safe, they decided to improve their security by hiring a managed cybersecurity service.

After they upgraded their security, it became obvious that the situation was more serious than it looked. Bruno Macchiusi, the founder of Alpha Logics, said, “We started getting a lot of alerts about many computers talking to a hacker network. Even though virus scans found nothing, our network monitoring tools helped us quickly find the threat — it was the Heodo banking Trojan, and we removed the infected systems from the network.”

Heodo first appeared in March 2017. Its main aim is to capture sensitive information such as passwords and online banking details, which is then used to take money from bank accounts. The malware gets onto a computer when someone clicks on a link or opens a PDF in a fake invoice email from someone they know. Once the computer is infected, the Trojan looks for more email addresses and sends deceptive emails to them from the victim. It also looks for other computers on the network to infect by taking advantage of a security weakness in Windows.

Dominic Chorafakis, founder of Akouto, explained, “The creators of Heodo combined features of a Trojan and a Worm to make something that can steal information, copy itself, and change. It uses its Trojan side to keep gathering sensitive information and sends it back to the hackers. With its Worm side, it spreads to more computers, stealing more information and spreading even further.”

Heodo uses a special technology called a crypter to stay hidden from anti-virus programs. It hides inside applications on the computer, connects to hacker servers to get more instructions, and makes changed copies of itself on the computer.

These kinds of attacks show that protecting against cyber threats needs more than just anti-virus. Macchiusi stated, “Identifying the breach was only half the battle. After we isolated the infected computers, the real challenge was finding all the changed versions of the virus on each system before they could be safely reconnected to the network. We had to use products from eight different anti-virus companies and specialized monitoring to finally figure out the right combination of tools and methods to completely remove the Trojan.”
