The Redaman banking Trojan was first seen in 2015, and it has now reemerged with expanded capabilities. These new capabilities include terminating running processes and smart card monitoring. The malspams are spreading Redaman to email addresses ending with .ru, and in these emails there is an attachment that looks like a PDF file. The file formats being used is often changed–going from ZIP to .7z, .rar, and .gz. Right now, the campaign has only been deployed in Russia with banks and other financial institutions being the primary target. Tactics are quickly growing and expanding and there have already been 100 different forms of Redaman seen in the wild. Be on the lookout for this banking trojan in 2019 as it shows no sign of slowing down.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security