Russian companies infected by a virus masquerading as accounting documents
In September, Russian companies faced malicious software disguised as accounting documents. Running the virus led to leaks of users' personal data and to their computers being connected to a botnet. Check Point claims that 15.3% of Russian Internet users received such letters in a single month.
According to Check Point, the Pony malware became active at the start of the business season in September and by the end of the month was second on the list of the most active malware.
The company said that Pony was distributed via email through malicious EXE files imitating accounting requests. The subjects of such letters were along the lines of “Closing documents Tuesday” and “Documents September”. Pony is able to steal user credentials, monitor system and network activity, install additional malware and turn devices into a botnet.
Specialists at Rostelecom-Solar recorded phishing emails with similar subjects in September, confirms Igor Zalevsky, head of the incident investigation department at Solar JSOC.
“The simplest and most effective defense against such attacks is content filtering on the mail gateway. It is necessary to stop sending executable files of any format by e-mail,” emphasizes Mr. Zalevsky.
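A minimal content filter of the kind Zalevsky describes, written here as an added example that is not part of the article and not code from any company it quotes: it classifies attachments by their leading bytes (the PE `MZ` marker) rather than trusting the declared filename or MIME type, so an EXE renamed to look like an accounting document is still caught. The sample message, addresses and payload bytes are constructed.

```python
import email
from email import policy
from email.message import EmailMessage
from typing import List, Optional

# Leading bytes of executable formats that are refused regardless of the
# attachment's declared name or MIME type.
EXECUTABLE_MAGIC = {
    b"MZ": "pe-executable",       # Windows .exe/.dll/.scr
    b"\x7fELF": "elf-executable",
}
# Declared names that should never pass a corporate mail gateway.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def classify_attachment(filename: str, data: bytes) -> Optional[str]:
    """Return a block reason if the attachment is executable, else None."""
    for magic, label in EXECUTABLE_MAGIC.items():
        if data.startswith(magic):          # content check first: name may lie
            return f"{label} content (declared name: {filename!r})"
    lower = (filename or "").lower()
    for ext in EXECUTABLE_EXTENSIONS:
        if lower.endswith(ext):
            return f"executable extension {ext} (declared name: {filename!r})"
    return None


def blocked_attachments(raw_message: bytes) -> List[str]:
    """Parse a raw RFC 5322 message and list reasons to quarantine it."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        reason = classify_attachment(name, payload)
        if reason:
            reasons.append(reason)
    return reasons


def build_sample() -> bytes:
    """Constructed lure: document-looking attachment name carrying PE content."""
    msg = EmailMessage()
    msg["Subject"] = "Closing documents Tuesday"
    msg["From"] = "accounting@example.invalid"     # constructed address
    msg["To"] = "buh@example.invalid"              # constructed address
    msg.set_content("Please find the closing documents attached.")
    # Constructed payload: only the PE header marker, not a real program.
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="application",
                       subtype="msword", filename="Documents September.doc")
    msg.add_attachment(b"%PDF-1.4\n%constructed", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    return msg.as_bytes()
```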
Attacks like Pony are standard practice, said Vladimir Ulyanov, head of the Zecurion analytical center. According to him, such malware is easier to monetize because accountants work with important data but are not always well aware of information security risks.
“All companies work with closing documents, but not all employees know what these documents look like,” explains Mr. Ulyanov.
The expert is convinced that such attacks must be countered, including by raising staff awareness.
Pony is spyware and is among the top three types of malicious software used by cybercriminals. According to the rating, first place among the most aggressive malware in Russia goes to Cryptoloot, which uses other people’s computers and their resources to mine cryptocurrency; third place goes to XMRig, which is also used for mining.