
Russian Banks Targeted by Redaman Trojan

The Redaman banking Trojan was first seen in 2015, and it has now reemerged with expanded capabilities. These new capabilities include terminating running processes and smart card monitoring. Malspam is spreading Redaman to email addresses ending with .ru, and each of these emails carries an attachment that looks like a PDF file. The file format used changes often, going from ZIP to .7z, .rar, and .gz. Right now, the campaign has only been deployed in Russia, with banks and other financial institutions being the primary target. Tactics are growing and expanding quickly, and 100 different forms of Redaman have already been seen in the wild. Be on the lookout for this banking Trojan in 2019, as it shows no sign of slowing down.

Analyst Notes

If a suspicious email finds its way to a user’s inbox, caution should be used when opening it. If a suspicious email includes an attachment, users are advised not to click on it, as it is likely that the attachment contains some sort of malicious content.