From Threatpost:
New variants of the notorious Carbanak Trojan have surfaced in Europe and the United States, and researchers say that the malware now has its own proprietary communications protocol and the samples seen so far have been digitally signed.
Carbanak has been in use for several years, and researchers at Kaspersky Lab earlier this year revealed the details of a major Carbanak campaign that took banks for about $1 billion. That campaign targeted banks directly, rather than going after end users. The attacks began with spearphishing emails that had rigged attachments containing the Carbanak backdoor. Once on a compromised machine, Carbanak gave attackers remote control of the machine, and the criminals used that as a foothold on the bank’s network and then stole money in several different ways.
“These bank heists were surprising because it made no difference to the criminals what software the banks were using. So, even if its software is unique, a bank cannot get complacent. The attackers didn’t even need to hack into the banks’ services: once they got into the network, they learned how to hide their malicious plot behind legitimate actions. It was a very slick and professional cyber-robbery,” Sergey Golovanov, Principal Security Researcher at Kaspersky Lab’s Global Research and Analysis Team, said when the Carbanak report was released earlier this year.