Retail trading industry targeted with malware attacks; stolen data being sold on Dark Web

• A Trojan is believed to be circulating among trading firms allowing attackers to steal information on a large scale.
• Panda Trading Systems, a tech service provider to trading firms found that the malware used was Emotet.

With malware campaigns nearly targeting every industry, retail trading firms are no exception. A recent investigation by Panda Trading Systems showed that the popular banking trojan Emotet was compromising systems associated with trading firms. Even worse, attackers behind these malware campaigns were selling stolen data on the dark web.

When the tech service provider conducted security scans on some of its customers’ computers, it found that Emotet was exfiltrating databases of marketing networks and many senior executive personnel within brokerages.

The analysis showed a typical campaign of the banking trojan where a malicious attachment (in PDF or Word document) in the spam email when executed downloads the malware.

An Organized Attack

Dikla Sheffer, Director of Business Operations at Panda Trading Systems, told Finance Magnates that these attacks were planned and perpetrated in an organized way.

“This is an organized attack on brokerages, affiliate networks, PSPs, VOIPs, and other companies operating within the retail trading industry. Once we identified the virus, we saw fit to publish a warning and share our findings, in the hope that industry colleagues will become more aware of cybersecurity dangers and take the necessary steps to protect themselves,” she said.

The company also stated that it has found other types of malware making rounds in the trading industry. On top of this, it was discovered that the attackers were selling sensitive information such as client lists, to buyers on the dark web. Many malicious sites were also disclosing confidential data as ‘downloads’.