Researchers at Kaspersky Lab, a computer security company, have revealed that they have re-detected malware that has infected networks belonging to 140 banks as well as other companies.
Kaspersky has said that this malware is able to remain invisible and the attackers have covered their tracks by wiping their activity from the machine’s memory before it is rebooted.
It hides itself in the computer’s memory to avoid detection and researchers say they do not know who is behind it.
Once the hackers have this information, the researchers claim, the attackers have access to the machines.
Kaspersky said: “The use of open source exploit code, common Windows utilities and unknown domains makes it almost impossible to determine the group responsible – or even whether it is a single group or several groups sharing the same tools.”
The company found that the code had been combined with a number of scripts that had been turned into malicious code to collect the passwords of system administrators invisibly.
Therefore, the cyber attackers would be able to remotely control their victims’ system and access their financial information.
According to Kaspersky, 140 banks could have been attacked by hackers, with the criminals using legitimate tools to exploit the computers and inject malware.
The 140 organisations that have been affected are from 40 different countries, including the United States, France, Ecuador, Kenya and the UK.
The attackers used books to collect passwords from system administrators.
Kaspersky Lab believes that the perpetrators could be after sensitive information.
Sergey Golovanov, Principal Security Researcher at Kaspersky Lab, said: “The determination of attackers to hide their activity and make detection and incident response increasingly difficult explains the latest trend of anti-forensic techniques and memory-based malware.”
The research on the hack will be analysed until April by Sergey Golovanov and Igor Soumenkov with the results due to be presented at the Global Security Analyst Summit.
In January, Russia arrested the head of the computer incidents investigations unit, Ruslan Stoyanov, and charged him with treason.