RDFSNIFFER Description

Some hacking groups are state-sponsored and carry out campaigns against political and business targets on behalf of their governments. Others operate autonomously and are almost entirely financially motivated. An example of the latter is the Carbanak Group (also referred to as FIN7), a criminal crew that has caused hundreds of millions of dollars in damage worldwide over the years. Malware analysts have recently identified a new tool in the Carbanak Group's arsenal, RDFSNIFFER. It is classified as a RAT (Remote Access Trojan) and appears to be used mainly as a second-stage payload, delivered by the BOOSTWRITE loader, another tool attributed to the same group.

Targets Machines Running the NCR Aloha Command Center Client

The RDFSNIFFER RAT is not like most threats of this kind. It is selective: it was built to target only machines running a specific piece of software, the NCR Aloha Command Center client, a support utility commonly used by technicians in the support sector. Rather than running as a separate executable, RDFSNIFFER places its code inside the memory of legitimate DLLs and processes, which keeps it out of sight of any security software present on the system. From there, the RDFSNIFFER Trojan hooks into key functions and sessions of the NCR Aloha Command Center client, giving the attackers control over the application.
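A first-pass hunt for the behaviour described above, added here as an example (it is not code from the original page, from FIN7, or from NCR): it enumerates the DLLs loaded into a running process and flags any that come from outside the usual trusted directories or whose Authenticode signature does not validate. The process name is a placeholder the analyst supplies; the page does not give the name of the Aloha Command Center executable, so none is assumed.

```powershell
# Added example: list DLLs loaded into a process and flag suspicious ones.
# $ProcessName is supplied by the analyst (the page names no executable).
param(
    [Parameter(Mandatory = $true)]
    [string]$ProcessName
)

# Directories from which legitimately installed code is normally loaded.
$trustedRoots = @(
    $env:SystemRoot,            # C:\Windows (System32, SysWOW64, WinSxS)
    $env:ProgramFiles,
    ${env:ProgramFiles(x86)}
) | Where-Object { $_ }

function Test-TrustedPath {
    param([string]$Path)
    foreach ($root in $trustedRoots) {
        if ($Path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

$findings = foreach ($proc in Get-Process -Name $ProcessName -ErrorAction Stop) {
    # Module enumeration can fail for protected or cross-bitness processes.
    try { $modules = $proc.Modules } catch { Write-Warning "Cannot read modules of PID $($proc.Id): $_"; continue }

    foreach ($mod in $modules) {
        $path = $mod.FileName
        $sig  = Get-AuthenticodeSignature -FilePath $path
        $untrustedPath = -not (Test-TrustedPath $path)
        $badSig        = $sig.Status -ne 'Valid'

        if ($untrustedPath -or $badSig) {
            [pscustomobject]@{
                ProcessId = $proc.Id
                Module    = $mod.ModuleName
                Path      = $path
                SigStatus = $sig.Status
                Reason    = if ($untrustedPath) { 'loaded from outside trusted directories' } else { 'signature not valid' }
            }
        }
    }
}

$findings | Format-Table -AutoSize
```

Two caveats when reading the output. Unsigned third-party DLLs in an application's own install folder are common, so every hit needs a manual look (hash, vendor, install date) rather than being treated as a verdict. More importantly, this only catches a malicious DLL that exists on disk; code patched directly into the memory of an already-loaded, validly signed module will not appear here, and confirming that requires a memory scan or a comparison of in-memory code pages against the on-disk image.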

Other Capabilities

Beyond its tampering with the NCR Aloha Command Center client, the RDFSNIFFER RAT carries generic backdoor functionality. It can run attacker-supplied commands on the infected machine, execute files on the host, and delete files from the compromised computer.

Hacking groups like the Carbanak Group tend to leave home users alone and go after bigger fish, such as large businesses, because that is where the profit is. The appearance of new tooling like RDFSNIFFER also makes clear that the Carbanak Group has no intention of halting its activity any time soon.