Cyber Criminals Using Odinaff Trojan To Infiltrate Bank Systems

Cyber criminals are using targeting banks using a trojan dubbed Odinaff, which stealthily defrauds financial institutions by gaining control over their systems and networks.

The trojan was discovered by cyber security firm Symantec, which says it has been in undocumented use since January, likely using its discreet capabilities to remain below the radar of security professionals.

Armed with custom-built malware tools, the trojan has been designed to establish a foothold on a targeted network. Once it has done that, Odinaff can then deploy malware tools to explore the networks, steal credentials and monitor activity. The tools can also wipe infected computers to hide traces of their activity.

Odinaff can also carry another trojan called Batel as part of its payload; Batel creates a backdoor to the command and control server used by the hackers. As Batel deploys malware for in memory use, it can luck in a machine without being easily noticed.

Professional cyber crime

This stealthy operation was needed as Symantec pointed out that the Odinaff requires a high level of user interaction and control, so it is likely to have been designed by cyber criminals who which to carefully control what the trojan downloads to infiltrate a targeted network so that it does not draw attention to its presence.

The level of effort that involves suggests such attacks come from cyber criminals that have a lot to gain financially of they breach the network of a large bank.

“These attacks require a large amount of hands on involvement, with methodical deployment of a range of lightweight back doors and purpose built tools onto computers of specific interest,” the researchers wrote.

“There appears to be a heavy investment in the coordination, development, deployment, and operation of these tools during the attacks,” the researchers wrote. Although difficult to perform, these kinds of attacks on banks can be highly lucrative.”

Odinaff is set to share digital characteristics with the Carbanak trojan that also targeted targeted large financial institutions, and was used by cyber criminals.

While attacks appear to have happened worldwide, the main areas affected according to Symantec, are the USA and Japan.

Cyber criminals are using increasingly sophisticated malware to get into banks and swipe lucrative data, using all manner of vectors including cloud services such as Google Drive.

Are you a security expert? Try our quiz

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago