Geeks for your information News Privacy & Security News v
FIN7 Backdoor Masquerades as Ethical Hacking Tool
FIN7 Backdoor Masquerades as Ethical Hacking Tool
silversurfer Offline
Staff Member
******
Posts: 3,885
Threads: 3,283
Thanks Received: 5,064 in 3,838 posts
Thanks Given: 6,200
Joined: 12 September 18
#1
Information  15 May 21, 08:50
Quote:The notorious FIN7 cybercrime gang, a financially motivated group, is spreading a backdoor called Lizar under the guise of being a Windows pen-testing tool for ethical hackers.
 
According to the BI.ZONE Cyber Threats Research Team, FIN7 is pretending to be a legitimate organization that hawks a security-analysis tool. They go to great lengths for verisimilitude, researchers said: “These groups hire employees who are not even aware that they are working with real malware or that their employer is a real criminal group.”
 
Since 2015, FIN7 has targeted point-of-sale systems at casual-dining restaurants, casinos and hotels. The group typically uses malware-laced phishing attacks against victims in hopes they will be able to infiltrate systems to steal bank-card data and sell it. Since 2020, it has also added ransomware/data exfiltration attacks to its mix, carefully selecting targets according to revenue using the ZoomInfo service, researchers noted.
 
Its choice of malware is always evolving, including occasionally using never-before-seen samples that surprise researchers. But its go-to toolkit has been Carbanak remote-access trojan (RAT), which previous analysis shows is highly complex and sophisticated compared with its peers: It’s basically a Cadillac in a sea of golf carts. Carbanak is typically used for reconnaissance and establishing a foothold on networks.
 
Lately, though, BI.ZONE researchers have noticed the group using a new type of backdoor, called Lizar. The latest version has been in use since February, and it offers a powerful set of data retrieval and lateral movement capabilities, according to an analysis published on Thursday.
 
“Lizar is a diverse and complex toolkit,” according to the firm. “It is currently still under active development and testing, yet it is already being widely used to control infected computers, mostly throughout the United States.”
 
Victims so far have included attacks on a gambling establishment, several educational institutions and pharmaceutical companies in the U.S., along with an IT company headquartered in Germany and a financial institution in Panama.

Read more: FIN7 Backdoor Masquerades as Ethical Hacking Tool | Threatpost
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
K-Lite Codec Pack 19.4.5 / 19.4.8 Update
Changes in 19.4.8 ...harlan4096 — 07:29
Antivirus Removal Tool 2026.02 (v.1)
An updated version...harlan4096 — 07:28
AMD suggests it may open-source FSR 4 a...
AMD still has nothin...harlan4096 — 17:21
Intel Arc G3 Panther Lake series for han...
Intel G3 with LPDD...harlan4096 — 07:32
Core Ultra 7 270K Plus and Ultra 5 250K...
Intel reportedly ‘ca...harlan4096 — 11:27

[-]
Birthdays
Today's Birthdays
avatar (41)svoyaEnuct
Upcoming Birthdays
avatar (47)hapedDow
avatar (46)komriwat
avatar (38)showercurtains
avatar (49)PeterWhink
avatar (50)neuthrusBub
avatar (30)script6027529171
avatar (46)myhotseeve
avatar (46)Edwinmub
avatar (46)dimaWeami
avatar (39)TranoTymn
avatar (39)MezirLal
avatar (50)listfquoto
avatar (46)dima6sarPrave
avatar (38)Michaelaburi
avatar (46)dpascoal
avatar (51)Ronaldduh
avatar (39)legalgauch
avatar (44)Baihu
avatar (27)RaseinsLikes

[-]
Online Staff
There are no staff members currently online.

>