Carbanak 2.0 detected, more dangerous than before

Feb 8, 2016 19:30 GMT

Carbanak, the vaunted banking trojan that helped cyber-criminals steal $1 billion / €910 million from banks across the globe, has been spotted again, and this version also comes with new features.

Unmasked exactly one year ago by the Kaspersky team, Carbanak is an evolution of the older Anunak banking trojan. We won't go over all of Carbanak's features and modus operandi once again since my colleague Ionut did a better job last year, but we're going to focus on Carbanak 2.0's new features, which Kaspersky presented at this year's Security Analyst Summit (SAS 2016) held in Tenerife, Spain.

As the company revealed, all of Carbanak’s original features remained the same, but the trojan can now also alter a bank's database, so the Carbanak gang can modify account ownership to whomever they see fit, usually another gang member.

Kaspersky reports that, since last September, when CSIS observed the last known version of the banking trojan, Carbanak has evolved to add this feature and has also started targeting more than banks, having been spotted in the budgeting and accounting departments of other types of companies.

Carbanak can now target and alter bank databases

More specifically, the cyber-security vendor's researchers were called in to investigate Carbanak infections in a telecommunications company and a financial institution.

In the financial institution, the cyber-criminals used Carbanak to modify the details for a company's shareholders, placing one of their money mules as a major stakeholder.

The change was noted in due time, and the group could not use this alteration in any fraudulent transactions, but this shows a clear intent to carry out mass-fraud operations, not just simple ATM heists in the middle of the night.

Either way, even without this update, Carbanak was powerful enough to be easily considered the world's most dangerous banking trojan. Previous research presented clues that tied this particular piece of malware to an IP owned by the Russian Security Service (FSB).
