With the attack still ongoing, a new, nearly invisible file-less malware is spreading and poses a serious threat all across the world. Russian cyber-security company Kaspersky Lab spotted the malware in its latest research. Radio Sputnik recently held a short meeting at the lab with Sergey Golovanov, Principal Security Researcher, to discuss the issue.
Undetectable File-Less Malware
While speaking about the file-less malware, Golovanov stated:
“It is a really unique attack because it poses a worldwide threat. The trick with this file-less malware is that they do not need any executable file to run it on the computer. When you double click on it, it copies the file from the hard drive to the memory”
He added that the attackers operate without touching the hard drive: they run their code over the network, directly in the machine's memory. Golovanov said that this malware is extremely hard to detect, and that finding it requires various unique detection techniques. He said:
“Once we had a phone call from one of our customers, it’s a really big bank and they asked us for help because they had some suspicions. So we planned a business trip, went to the bank and started to capture memory from the big network and finally found the malware”
Golovanov further exclaimed:
“When we started to extract the hard drive from the computer, we found nothing. For us it was a mystery, like what the hell is going on here?”
It took a lot of time to crack the code, as more complaints were forwarded by various banks, but the team was finally able to find the issue.
According to the experts:
“We are still not sure how these attacks started and who the first victim of these attacks was”
Structure and Function of the Virus
Explaining the effects of the file-less malware, Golovanov added that the passwords are directly extracted from the computer’s memory. The expert said:
“Furthermore, depending on the structure of the network they can do whatever they want. If it is a big enterprise then it can extract documents, files and presentations”
He also explained the attackers' tunneling technique, in which special tunnels are dug inside the network. This allows the attackers to carry out transactions without being visible to security measures.
Golovanov stated that one bank has already suffered a huge loss of money due to this attack, which shows the end result of the malware. The attackers need “clean computers to hide their activities”, so their main targets have been the telecom industries.
Asked about the risk that the government might face, the experts replied:
“It is hard to tell because right now we are not able to attribute this attack to any group or any known criminal attackers. We don’t know who is behind it at the moment”
This in-memory, file-less malware is reportedly impossible to detect because of its invisibility: it disappears soon after hitting a server. The malware has been used to rob bank accounts in the past, and according to the recent study by Kaspersky, it has affected over 140 institutions globally.
Source: Sputnik News