Silence is the name of a new Trojan (and the hacking group behind it), discovered in September by Kaspersky Lab researchers. The targeted attacks are aimed at financial institutions, and so far the victims are primarily Russian banks, as well as organizations in Malaysia and Armenia.
| Short Description | The Trojan gains persistent access to internal banking networks and makes video recordings of the daily activity on bank employees’ machines. |
| Symptoms | The Silence Trojan’s main feature is its ability to take repeated screenshots of the victim’s desktop at short intervals. It was built to stay undetected on targeted systems. |
| Distribution Method | Spear-phishing emails |
In these attacks, Silence’s authors used a very efficient technique: gaining persistent access to internal banking networks and making video recordings of the daily activity on bank employees’ machines, thereby learning how the software is used. This knowledge was later applied to steal as much money as possible.
It is worth mentioning that researchers have previously observed this technique in Carbanak targeted operations. As explained in the original report, the infection vector is a spear-phishing email with a malicious attachment. A noteworthy detail of the Silence attack is that the cybercriminals had already compromised banking infrastructure, so they could send their spear-phishing emails from the addresses of real bank employees and make them look as unsuspicious as possible to future victims.
Malicious .chm Attachment Part of Silence Trojan’s Campaign
At a later stage, when a targeted machine is identified as valuable to the operation, the attackers send a second-stage payload: the Silence Trojan itself.
Silence Trojan – Technical Specifications
The Silence Trojan’s main feature is its ability to take repeated screenshots of the victim’s desktop at short intervals. The screenshots are then uploaded to the C&C server, where a real-time pseudo-video stream is created.
Why are the Trojan’s authors using screenshots instead of a video? They may have chosen this way of recording employees’ activities because it uses fewer computer resources and helps the Trojan remain undetected. This may be the reason the operation is called Silence.
Once all the data is collected, the cybercriminals can review the screenshots to locate valuable data, such as URLs of internal money management systems, and continue their operation.
The final stage of the operation is built around the abuse of legitimate Windows administration tools to disguise the Trojan in its final phase. This technique has been previously used by Carbanak.
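An added example, not taken from the Kaspersky report or from this article: a defender-side heuristic that flags workstations sending evenly spaced, image-sized uploads to a single destination, the network pattern that repeated screenshot uploads to a C&C server would produce. The record fields, host names and all thresholds are assumptions, since the article gives no interval, size or protocol details.

```python
from collections import defaultdict
from statistics import mean, median, pstdev


def build_sample():
    """Constructed proxy records: (epoch_s, client, destination, method, bytes_sent)."""
    rows = [(t, "ws-teller-07", "203.0.113.50", "POST", 48_000 + 500 * i)
            for i, t in enumerate([1000, 1005, 1010, 1016, 1020, 1025, 1030, 1035])]
    # Large but irregular uploads, as a user sharing files would produce.
    rows += [(t, "ws-hr-02", "files.bank.example", "POST", 90_000)
             for t in [1000, 1040, 1300, 1310, 1900, 2500]]
    # Regular but tiny requests, e.g. an application heartbeat.
    rows += [(t, "ws-dev-03", "telemetry.example", "POST", 600)
             for t in range(1000, 1040, 5)]
    return rows


def find_periodic_uploaders(records, min_events=6, max_interval=30,
                            max_cv=0.2, min_bytes=20_000):
    """Return (client, destination, median_gap_s, count) for each pair whose
    uploads are frequent, evenly spaced and at least min_bytes in size.
    All thresholds are assumed starting points, to be tuned on real traffic."""
    uploads = defaultdict(list)
    for ts, src, dst, method, size in records:
        if method == "POST" and size >= min_bytes:
            uploads[(src, dst)].append(ts)

    findings = []
    for (src, dst), times in sorted(uploads.items()):
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        # Coefficient of variation: low values mean machine-like regularity.
        cv = pstdev(gaps) / avg
        if median(gaps) <= max_interval and cv <= max_cv:
            findings.append((src, dst, median(gaps), len(times)))
    return findings


if __name__ == "__main__":
    for src, dst, gap, count in find_periodic_uploaders(build_sample()):
        print(f"{src} -> {dst}: {count} uploads, median gap {gap}s")
```

A hit is a lead for triage rather than a verdict, since backup agents and monitoring tools can produce the same traffic shape.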
The best way to protect against targeted attacks on financial organizations is to deploy advanced detection capabilities found in a solution that can detect all types of anomalies and also scrutinize suspicious files at a deeper level, researchers say.