Trojan PDF reader malware in SWIFT Systems

trojan pdf reader

What is SWIFT

Society for Worldwide Interbank Financial Telecommunication popularly known as SWIFT system is a global messaging network used by 11,000 financial organisations to communicate securely and is used to move billions of dollars every day.

Bangladesh Bank Cyber Heist

The Bangladesh Bank cyber heist occurred in early February. Unidentified hackers attempted to steal $951 million from the central bank’s account at the Federal Reserve Bank of New York and channel the funds to accounts in the Philippines and Sri Lanka. The New York bank halted transfers worth $850 million when criminal activity was detected. A receiving bank in Sri Lanka also rejected a $20 million transfer because the beneficiary’s name was misspelled.

The remaining $81 million was wired to four accounts at a branch of Rizal Commercial Banking Corporation in the Philippines and transferred to a single account at the same bank for laundering through casinos in the Philippines.

Vietnamese Bank

Months after Bangladesh’s central bank lost $81 million in a massive cyber heist, SWIFT, the global financial messaging service, reported on Friday a similar malware attack on another bank,However BAE Systems, a U.K. defence, aerospace, and security company reported on its threat research blog that a Vietnamese commercial bank was the target.

Trojan PDF Reader

In the case of Vietnamese Bank attackers had also used a kind of malware called a “Trojan PDF reader” to manipulate PDF reports confirming the messages in order to hide their tracks.

In particular, attackers are targeting banks that they know receive PDF reports of payment confirmations. After it’s installed the malware mimics the actual PDF reader. Once the user opens a PDF report, the Trojan PDF reader manipulates the reports to “remove traces of fraudulent instructions.” The fact that the attackers are familiar with the banks enough to know they use PDF readers to verify SWIFT messages suggest they either have an inside source at the bank, or have somehow attained knowledge of the bank’s inner workings

 

Share the News

Leave a Reply

Your email address will not be published. Required fields are marked *