Marap – New Malware Being Used to Target Financial Institutions

Researchers from Proofpoint have found a malware dubbed Marap that is being used to target large enterprises and financial institutions. The design of the malware can be utilised to deliver additional malware in future attacks.

Proofpoint reported numerous email campaigns in August whose messages had the sole purpose of spreading the Marap malware:

“Proofpoint researchers lately discovered a new downloader malware in a fairly large campaign (millions of messages) essentially targeting financial institutions. The malware, dubbed ‘Marap’ (‘param’ backwards), is notable for its focused functionality that includes the ability to download other malicious code modules and payloads,” reads the analysis published by Proofpoint.

The campaigns are being distributed by a cyber gang named TA505. The hackers tried to spread the malware using Microsoft Excel Web Query files and password-protected ZIP files. The name Marap comes from the command and control (C&C) phone-home parameter “param”, spelled backwards.

Marap uses HTTP for C&C communication, and it calls a number of WinHTTP functions to determine whether it requires a proxy. Experts have also found a URL from which the module is being downloaded. It contained an internal DLL file named mod_Init.dll, which was written in C.

Harikrishna Mekala

I am a programmer and tech enthusiast who loves to use my creative skills to solve complex problems. I also love to stay abreast of what is happening in the world of technology, reach me at: [email protected]