Carbanak, a notorious banking malware active since at least 2014, has resurfaced with new ransomware tactics. According to an analysis by NCC Group, Carbanak has evolved to incorporate diverse attack vectors, enhancing its effectiveness. It now uses compromised websites to distribute malware, often impersonating popular business-related software like HubSpot, Veeam, and Xero. Originally known for its data exfiltration and remote control capabilities, Carbanak has been a tool for the FIN7 cybercrime syndicate. The latest attacks involve hosting malicious installer files on these compromised websites, appearing as legitimate utilities to deploy Carbanak. This resurgence is significant in the context of the increasing ransomware attacks, with 442 incidents reported in the last month, contributing to a yearly total of 4,276 cases. The attacks predominantly targeted the industrial, consumer cyclical, and healthcare sectors, with the majority occurring in North America, Europe, and Asia.

Relevant URL: