A new piece of malware, "PureLocker", is being attributed to the group "FIN6".
This group, not to be confused with "FIN7" (also known as the "Carbanak Group"), is known for compromising the credit card payment systems of web shops and reselling the credit card data in underground forums.
Since attacks on web shop websites are currently on the rise again, we urgently want to draw attention to these threats. An important note: in some cases, different groups attack the same web shops simultaneously in order to steal customers' credit card data.
We have found a new and undetected ransomware threat that is being used for targeted attacks against production servers of enterprises. Using code reuse analysis, we discovered this threat is closely related to the “more_eggs” backdoor malware, which is sold on the dark web by a veteran MaaS provider and has been used by the Cobalt Gang, FIN6, and other threat groups. While the samples we analyzed are for the Windows platform, we have noticed that the group operating this ransomware is also employing a Linux variant in order to attack the Linux infrastructure of its targets. We have named this ransomware PureLocker because it’s written in the PureBasic programming language. As part of our analysis, we have identified the evasion methods and design features that have allowed this ransomware to remain under the radar for several months. Below we present our findings through a technical analysis of the malware samples.
https://www.intezer.com/blog-purelocker-ransomware-being-used-in-targeted-attacks-against-servers/
