Security researchers released their findings on a massive cybercrime operation impacting a Brazilian bank this week at the Security Analyst Summit.
Kaspersky Lab’s Fabio Assolini and Dmitry Bestuzhev uncovered a compromise of a Brazilian bank’s operations in which attackers took over the financial institution’s 36 domains, corporate email and DNS, according to a Threatpost report.
The attack was discovered on October 22. The researchers first believed it was a run-of-the-mill site hijack, but quickly realized its extent. Once compromised, the bank’s website would serve up malware to all site visitors – a Java file located in a .zip archive that would be loaded into the index file. By controlling the site’s index file, the attackers could inject an iframe that would redirect bank customers to a website that exposed them to the Java file containing the malware.
“All 36 of bank domains were under the attackers’ control, including the online, mobile, point-of-sale, financing and acquisitions, and more,” the report said.