The return of the Carbanak malware: it now imitates some enterprise software

Il malware Carbankknown since 2014, is back in the news.

The malicious agent, in fact, has been updated in order to once again worry users and professionals. If Carbank was originally a banking malwarecybercriminals have adapted its functions to 2023, making it a suitable tool for attacks ransomware today.

According to the cybersecurity company NCC Groupwhich has been analyzing the malware over the past month, has significantly diversified its strategies, becoming a different malicious agent than in the past.

Carbanak moves from banking apps to ransomware attacks

To facilitate its distribution, cyber criminals exploit hacked websites, offering company software specifically tampered with to spread malware. The report published by NCC Group is reported as “Carbanak returned last month through new distribution chains and was distributed through compromised websites to impersonate various enterprise software. November’s impostors included CRM platform HubSpot, data management software Veeam and account tool Xero“.

Carbank, widely used in the past by the group FIN7, is malware with extensive data exfiltration and remote control capabilities. This malicious agent joins the many others already active in the ransomware context, with NCC Group outlining a rather disturbing overall scenario.

The company’s experts, in fact, speak of an increase in these attacks 67% in November, with an increase in successful operations around 30%.

Experts have noticed that the sector most targeted by those who manage ransomware is always that one industrialwith the 33% of registered cases. Companies that deal with consumer goods e healthcare they settle in second and third position respectively with the 18% and the11% of registered cases.


Please enter your comment!
Please enter your name here