ETHERLive
ETHERLive delivers real-time price and volume data across 16+ exchanges to users in a clear and easy-to-understand package. Users can get up-to-the-second updates for each exchange/currency pair, as well as aggregated market averages for each exchange, currency, and the market as a whole. It also provides a global converted average of all the currency pairs monitored by ETHNews, converted to USD.

---

24hr ---
--%
RESOURCES

The Basics

Learn the basics of Ethereum and various cryptocurrency technologies

Learn More

What is Ethereum?

Understand the underlying principles of the Ethereum Platform

Learn More

The Blockchain

Discover the revolutionizing technology known as the blockchain

Learn More
SUBMIT

Press Release

Submit a press release for consideration on ETHNews

Submit Press

Story / Dapp

Submit a story or DAPP to be considered for publication on ETHNews.

Submit Story

Explanation

Submit "Ethereum Explainer" content for consideration to be featured on ETHNews

Submit Topic
ETHNews Logo
---
--%
Home
News
Etherlive
Ether Price Analysis
Resources
Contact Us

Old Cardinal RAT Malware Resurrects Through Series Of Updates

By

Nathan

Graham

WriterETHNews.com

Israeli tech companies, beware: This malware family is back after two years in hiding.

A type of malware family not seen since 2017 has resurfaced and is targeting FinTech and cryptocurrency companies in Israel, according to a March 19 blog post from cybersecurity watchdog Unit 42.

The previous version of the malware family, dubbed Cardinal RAT, employed the Carp Downloader, which uses "malicious macros in Microsoft Excel documents to compile embedded C# (C Sharp) Programming Language source code into an executable that in turn is run to deploy the Cardinal RAT malware."

According to Unit 42, the new version of the Cardinal RAT malware comes with updates and modifications that "evade detection and hinder analysis." This version of Cardinal RAT uses a variety of obfuscation techniques, including hiding malicious code in in a bitmap file. Once the victim opens the file, the malware is decrypted and begins to infect the victim's computer.

Unit 42 confirmed the updated version of Cardinal RAT infects the victim's computer by collecting victim information, updating settings, acting as a reverse proxy, executing a command, uninstalling itself, recovering passwords, downloading and executing new files, keylogging, capturing screenshots, and cleaning cookies from browsers.

According to The Next Web, in addition to nine reports from Israel of Cardinal RAT Malware attacks, there have been two in the US and one in both Japan and Austria. To protect one's personal data from malware attacks, Unit 42 suggests that individuals and companies beef up their spam filters and parental controls to "restrict use of scripting languages by malware" and not open or even allow "inbound e-mails with LNK file as attachments [or] … e-mails from external sources where the documents contain macros."

Although the Cardinal RAT malware was silent for two years, there have been quite a few malware attacks targeting the personal data of people and companies. Just last month, cybersecurity firm ESET announced it discovered malware created to steal crypto wallet addresses and personal keys infecting the Google Play store.

Nathan Graham

Nathan Graham is a full-time staff writer for ETHNews. He lives in Sparks, Nevada, with his wife, Beth, and dog, Kyia. Nathan has a passion for new technology, grant writing, and short stories. He spends his time rafting the American River, playing video games, and writing.

ETHNews is committed to its Editorial Policy

Like what you read? Follow us on Twitter @ETHNews_ to receive the latest Cardinal RAT, Carp Downloader or other Ethereum ecosystem news.