Eko malware is delivered through Facebook spam messages sent by infected friends. The message asks the recipient whether they are the person in a linked video; the link is malicious and poses as a YouTube video embedded in the message. The message is distinctive because it includes the person's profile picture, their name, and a link with the text “xic.graphics”. Infected user accounts send similar messages to their Facebook Messenger contacts.
Upon installation, Eko malware can inject advertisements into the browser and collect private information such as stored passwords, browser history, and bank account details.
Odinaff Trojan first appeared in January and is attacking organizations in the banking, securities, trading and payroll sectors. It contains custom-built malware tools to spy on networks, steal credentials, and monitor and record employees; in this it resembles the Carbanak Trojan.
Odinaff Trojan is very sophisticated, and the group behind it is believed to be well-resourced and professional. It can take screenshots of the infected system and send them to its remote Command-and-Control server, download and execute RC4 cipher keys, and issue shell commands.
*IP addresses provided by Recorded Future.