Marta Janus, Senior Threat Researcher at Cylance:
“Carbanak is one of the most sophisticated financial cybercrime groups of recent times. While carefully choosing potentially lucrative victims, they combine complex techniques used in targeted attacks with the effectiveness of widespread malware. They maintain high profitability by constantly improving and updating their toolkit to evade security solutions.
“This approach seems to mirror a recent trend in malicious software development, where the first-stage backdoor responsible for the C&C communication is as small and lightweight as possible, while most of the data-stealing functionalities are implemented as separate second-stage modules. This allows the attackers to maintain only a tiny piece of code running on the machine, serving as a loader of additional in-memory payloads, which might be pushed and removed by the attackers at will.”