Metel banking Trojan – APT attacks on banks

Tomcat


VIRUS IDENTIFICATION

Type of threat: targeted attack of increased complexity, Trojan program, malware.

What is Metel?

Metel is a banking Trojan (also known as Corkow) that was discovered in 2011. At that time it was used to attack users of online banking systems. In 2015, the Metel group began attacking banks and financial institutions themselves.

How does it work?

After the initial infection, the criminals use legitimate penetration-testing tools to move through the network, gain control of the local domain controller, and ultimately reach the computers of the bank employees responsible for processing card transactions.

With this access, the attackers set up automatic rollback of transactions made through ATMs.

As a result, even though the criminals continuously withdraw cash from ATMs, the balance on their accounts stays the same, no matter how many ATM transactions are made.
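The abuse described above leaves a footprint a bank can look for in its own card-processing logs: a card that keeps withdrawing cash at ATMs while every withdrawal is reversed shortly afterwards, so its net balance barely moves. The following is an added example (not code from the original article or from Kaspersky Lab) that runs such a check over a constructed ledger; the log format, the card and terminal identifiers and the thresholds are assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample ledger for this example (not real bank data).
# Fields: timestamp, card id, event type, amount in rubles, terminal id.
# card-1001 shows the pattern: every withdrawal is rolled back within minutes.
# card-2002 is ordinary activity: one reversal after a terminal fault.
SAMPLE_LEDGER = """\
2016-02-08T22:01:10 card-1001 ATM_WITHDRAWAL 20000 ATM-17
2016-02-08T22:03:45 card-1001 REVERSAL 20000 ATM-17
2016-02-08T22:06:02 card-1001 ATM_WITHDRAWAL 20000 ATM-17
2016-02-08T22:08:30 card-1001 REVERSAL 20000 ATM-17
2016-02-08T22:11:15 card-1001 ATM_WITHDRAWAL 20000 ATM-17
2016-02-08T22:13:50 card-1001 REVERSAL 20000 ATM-17
2016-02-08T22:16:40 card-1001 ATM_WITHDRAWAL 20000 ATM-17
2016-02-08T22:19:05 card-1001 REVERSAL 20000 ATM-17
2016-02-08T09:30:00 card-2002 ATM_WITHDRAWAL 5000 ATM-03
2016-02-08T09:31:10 card-2002 REVERSAL 5000 ATM-03
2016-02-08T18:45:00 card-2002 ATM_WITHDRAWAL 3000 ATM-08
"""


def parse_ledger(text):
    """Parse the whitespace-separated ledger into records sorted by time."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, card, kind, amount, terminal = line.split()
        records.append({
            "ts": datetime.fromisoformat(ts),
            "card": card,
            "kind": kind,
            "amount": int(amount),
            "terminal": terminal,
        })
    records.sort(key=lambda r: r["ts"])
    return records


def find_rollback_abuse(records, min_reversed=3, max_net_ratio=0.10,
                        window=timedelta(minutes=15)):
    """Flag cards whose ATM withdrawals are systematically reversed.

    A reversal is matched to the earliest still-open withdrawal on the same
    terminal with the same amount inside `window`. A card is flagged when at
    least `min_reversed` withdrawals were reversed this way and the money
    actually leaving the account is at most `max_net_ratio` of what was
    dispensed (thresholds are assumptions chosen for the example).
    """
    by_card = defaultdict(list)
    for r in records:
        by_card[r["card"]].append(r)

    flagged = {}
    for card, events in by_card.items():
        pending = []            # withdrawals not yet paired with a reversal
        withdrawn = refunded = matched = 0
        for ev in events:
            if ev["kind"] == "ATM_WITHDRAWAL":
                withdrawn += ev["amount"]
                pending.append(ev)
            elif ev["kind"] == "REVERSAL":
                for i, w in enumerate(pending):
                    if (w["terminal"] == ev["terminal"]
                            and w["amount"] == ev["amount"]
                            and ev["ts"] - w["ts"] <= window):
                        pending.pop(i)
                        matched += 1
                        refunded += ev["amount"]
                        break
        if withdrawn == 0:
            continue
        net = withdrawn - refunded
        if matched >= min_reversed and net <= max_net_ratio * withdrawn:
            flagged[card] = {
                "withdrawn": withdrawn,
                "reversed": refunded,
                "net": net,
                "reversed_count": matched,
            }
    return flagged


if __name__ == "__main__":
    for card, summary in find_rollback_abuse(parse_ledger(SAMPLE_LEDGER)).items():
        print(f"{card}: dispensed {summary['withdrawn']} RUB, "
              f"{summary['reversed_count']} withdrawals reversed, net change {summary['net']}")
```

The check is deliberately per-card and per-terminal so that a single legitimate reversal after a jammed ATM does not trip it; in practice the thresholds would be tuned against the bank's own reversal baseline, and the rule would run alongside monitoring of who has write access to the processing system that issues the reversals.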

Who is being attacked?

Banks and financial institutions are the victims of these attacks.

The attackers' main targets inside these organizations are:
  • In banks: the online banking database, where criminals can manipulate the balance on bank cards.
  • In companies: the accounting department's computer running the Client-Bank system that manages cash transactions. Criminals can replace the bank details of a genuine transaction or manually carry out fraudulent transactions.
  • Payment system API servers: the software that specifies how much money is to be transferred to a given phone number. Criminals manipulate this API to make it believe that the client is transferring 10,000 rubles (about $120) to a large number of phone numbers.

Am I at risk?

To date, Kaspersky Lab has not detected a single Metel attack outside of Russia. Nevertheless, the group is still active, and the company's experts have reason to believe that the geography of infections may be much wider. That is why the company recommends that banks around the world check their IT systems for signs of infection.

How do I know if I'm infected?

Kaspersky Lab products detect and block the malware used by Metel under the following detection names:

Trojan-Dropper.Win32.Metel; Backdoor.Win32.Metel; Trojan-Banker.Win32.Metel

In addition, indicators of compromise are published on Securelist.

How to protect yourself from Metel?

To raise their level of protection, organizations are advised to use System Watcher, which includes the BSS module (analysis of the actions of all programs and system services installed on a computer against malicious behavior patterns). This component is included in all of the company's current products and solutions.

To stay safe, use advanced anti-malware solutions like Kaspersky Security for Business.

Also keep up your cybersecurity awareness by making sure you can recognize phishing emails in your inbox.

Of course, strong endpoint protection alone is not enough. Spear phishing, one of the most common initial infection methods, makes strong email security a must. Kaspersky Security for Mail Servers scans incoming messages for malicious attachments and links, significantly reducing the likelihood of malware reaching its victims.

(c) https://www.kaspersky.ru/resource-center/threats/metel