We all remember Kronos—the malicious malware that was sold by Russian underground forums in 2014 for $7,000. If you bought it, you were promised updates and development of new modules.
The Kronos developers recently released a new update (dubbed Osiris), which is presently attacking individuals in Germany, Japan, and Poland, with the U.S. in the queue.
This week, Securonix researchers published research indicating that Osiris uses phishing campaigns and fraudulent emails that contain Microsoft Word documents or attachments with macros that when dropped or opened, may exploit a vulnerability in Microsoft Office Equation Editor Component, which was discovered in 2017. Microsoft has issued a patch to address the vulnerability. If the patch has not been implemented, Osiris can introduce arbitrary code that can be used by the thieves to steal data, including when individuals are accessing their online banking account.
If infected, the malware modifies the Windows registry to inject malicious code into browsers, so when an individual visits his or her bank domain, a man-in-browser attack is launched. It can then introduce keylogging in order to obtain the user’s bank credentials, thereby allowing the thieves to divert funds posing as the user.
Online banking customers are at risk, and being aware of the malware, as well as utilizing good cyber hygiene and vigilance is important as new variants are introduced into the environment.