Explorer

FASTCash, A Major Financial Attack Malware, Has Now Evolved To Target Emails, Linux Systems: Here's What You Should Do

Originally designed to compromise payment systems, FASTCash manipulates transaction processes, particularly targeting card authorisations, allowing hackers to approve fraudulent withdrawals.

A notorious group of North Korean hackers has upgraded their FASTCash malware to infect Linux-based systems, enabling unauthorised cash withdrawals from financial institutions. The latest version targets Ubuntu 22.04 LTS, according to cybersecurity expert HaxRob as reported by Bleeping Computer, marking a shift from earlier variants that only affected Windows and IBM AIX (Unix) platforms.

It should also be noted that FASTCash has also evolved to target Windows platforms through phishing emails.

Evolution Of FASTCash Malware

Originally designed to compromise payment systems, FASTCash manipulates transaction processes, particularly targeting card authorisations, allowing hackers to approve fraudulent withdrawals. Previously detected on Windows and IBM AIX systems, this new Linux variant has added another layer of complexity to an already dangerous malware.

A History Of Financial Attacks

The US Cybersecurity and Infrastructure Security Agency (CISA) first warned of the FASTCash ATM scheme in 2018, attributing it to the North Korean hacking group 'Hidden Cobra.' Since 2016, these cybercriminals have been executing coordinated attacks across 30 countries, netting millions in fraudulent withdrawals from ATMs. 

In 2020, the US Cyber Command reported renewed FASTCash activity linked to APT38, also known as Lazarus Group. By 2021, US authorities indicted three North Korean individuals accused of stealing over $1.3 billion from financial institutions globally.

New Linux Variant

The latest discovery, first uploaded to VirusTotal in mid-2023, mimics previous iterations but specifically targets Ubuntu Linux systems.

The malware injects itself into payment switch servers via a shared library, using the 'ptrace' system call to intercept ISO8583 messages — the protocol used for card transactions.

By altering responses that would typically decline a transaction due to insufficient funds, FASTCash fraudulently approves withdrawals.

What Can You Do To Protect Yourself?

  • Beware of Phishing: Always verify email senders and avoid downloading suspicious attachments
  • Monitor Systems Closely: Report any unusual transaction behaviours immediately
  • Keep Software Updated: Ensure all devices are running the latest security patches
  • Secure Financial Systems: Implement strong authentication methods for remote access.

As FASTCash evolves, financial institutions worldwide are urged to ramp up their defences and remain vigilant against these sophisticated cyber threats.

View More
Advertisement
Advertisement
25°C
New Delhi
Rain: 100mm
Humidity: 97%
Wind: WNW 47km/h
See Today's Weather
powered by
Accu Weather
Advertisement

Top Headlines

Why Did We Wait For AQI To Cross 300?: SC Questions Delhi Govt Over Delay In Anti-Pollution Curbs
Why Did We Wait For AQI To Cross 300?: SC Questions Delhi Govt Over Delay In Anti-Pollution Curbs
GRAP Stage 4 In Delhi-NCR: What’s Allowed And What’s Not From Monday As AQI Hits 'Severe+'
GRAP Stage 4 In Delhi-NCR: What’s Allowed And What’s Not From Monday As AQI Hits 'Severe+'
Delhi Sees Worst Air Quality Of This Season As AQI Nears 500, Visibility Drops Further
Delhi Sees Worst Air Quality Of This Season As AQI Nears 500, Visibility Drops Further
Kailash Gahlot Likely To Join BJP Today A Day After Quitting Arvind Kejriwal-led AAP
Kailash Gahlot Likely To Join BJP Today A Day After Quitting Arvind Kejriwal-led AAP
Advertisement
ABP Premium

Videos

Breaking News: Supreme Court Hears Case on Rising Pollution Levels in Delhi | ABP NewsBreaking News: Atishi Blames Central Government for Rising Air Pollution, Urges Action on Stubble Burning'BJP and RSS Are Venomous Snakes,' Mallikarjun Kharge's Statement Sparks Political Heat | ABP NewsManipur News: Curfew Imposed Across 7 Districts, Internet Services Suspended | ABP News

Photo Gallery

Embed widget