MOSCOW, Russia–As many as 140 banks, government organizations and other companies have been compromised by “fileless” malware that allows hackers to remain undetected, according to a report by security vendor Kaspersky Lab.
According to Kaspersky, with the exception of the initial software exploit that is used to gain access to systems, the hackers revert to using standard Microsoft utilities and other open-source penetration testing tools in order to maintain a low profile. In addition, the malware never touches a computer's hard disk, and rebooting the computer erases traces of malicious activity left in memory, leaving few clues for anyone to discover.
Kaspersky said the malware is similar to that used by a cybercriminal group called Carbanak, which hit banks for more than $1 billion through fraudulent wire transfers and back-end attacks that implanted malware on ATMs. Kaspersky said it will release a full report on the latest threat at its Security Analyst Summit in April.
The names of the organizations that have been attacked have not been released, but the United States is among the countries hit, Kaspersky said, adding it launched the investigation after a client found a tool called “Meterpreter” running in memory of one of its computers. Kaspersky further theorized that the malware could be state sponsored.