According to security company F5 Labs, the Ramnit Trojan has refocused its efforts on the financial sector. The Trojan also had this sector in mind at first, but later focused much more on e-commerce.
F5 Labs says it has seen a strong increase in malware in February and March. According to the company, it seems that the makers are making use of the peak pressure around tax returns in various countries.
Ramnit is of original a trojan who focused on the financial sector, which it continued to focus on until last year’s holidays. In July last year, WatchGuard reported that the Trojan seemed to be making a comeback and was for the first time in the top ten threats. During the holidays of 2018, however, Ramnit’s attention shifted to a large extent to American webshops.
Back in Europe
According to F5 Labs, the Trojan is now back in Europe, especially in Italy. This was already the case last year: 98.9% of the attacks were directed at Italy, and in particular at the bank details of the country’s citizens. In March this year, 40 percent of all attacks on Italian financial services and sites were caused by Ramnit.
The Trojan was also often seen in the United Kingdom and France. 70% of the targets were European, 27% American. Attacks with the Ramnit Trojan have also been reported in the Netherlands.
In addition, social media sites are among the targets, although according to F5 Labs this is in lesser sizes. Twitter, Facebook, Tumblr and YouTube were heavily attacked by the malware in February and March.
Ramnit’s configuration also appears to be constantly changing, including scaling web injection tactics to attack websites. Attacks were also focused on words instead of specific companies or sites. According to F5 Labs, attackers hope to hit random sites in this way as well.
Ramnit also focused on the name of an Italian opera and several misspelled domain names.This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.