“It is a really unique attack because it poses a worldwide threat. The trick with this file-less attack is that they do not need any executable file to run it on the computer. When you double click on it, it copies the file from the hard drive to the memory,” Golovanov said.
Talking about how they found this virus, Golovanov said that they had to use very hard and unique techniques to find it.
“Once we had a phone call from one of our customers, it’s a really big bank and they asked us for help because they had some suspicions. So we planned a business trip, went to the bank and started to capture memory from the big network and finally found the malware,” he said.
“When we started to extract the hard drive from the computer, we found nothing. For us it was a mystery, like what the hell is going on here?” Golovanov said.
Other banks also started complaining about this issue and after a long period of decoding the team finally found the problem.
“We are still not sure how these attacks started and who the first victim of these attacks was,” the expert said.
Talking about what exactly this new malware does, Golovanov said that it extracts the passwords directly from the memory of the computer.
“Furthermore, depending on the structure of the network they can do whatever they want. If it is a big enterprise then it can extract documents, files and presentations,” the expert said.
Looking at what the ultimate end game in this situation is, Golovanov said that one bank has already lost a huge sum of money because of this attack. The other targets of this attack were the telecom companies because the attackers need “clean computers to hide their activities.”
Talking about whether governments are at risk at the moment, the expert said that, “It is hard to tell because right now we are not able to attribute this attack to any group or any known criminal attackers. We don’t know who is behind it at the moment,” the expert concluded.
The so-called in-memory malware is primarily known for its ability to disappear after being installed on a server, making it almost impossible to detect.
Previously, hackers used it primarily to steal money from bank accounts. However, Kaspersky’s recent study shows that over 140 institutions worldwide have been infected with the invisible virus.
