Some hacking groups are state-sponsored and do the bidding of their governments in campaigns targeting political and business sectors. Other hacking groups are autonomous and tend to be entirely financially motivated. An example of the latter is the Carbanak Group (also referred to as FIN7), a group of shady individuals who have wreaked havoc around the world over the years and caused damages in the hundreds of millions of dollars. Malware experts have recently detected a new tool employed by the Carbanak Group, RDFSNIFFER. This hacking tool can be classified as a RAT (Remote Access Trojan) and seems to be used mainly as a second-stage payload with the assistance of the BOOTSWIRE Trojan loader, another tool in the Carbanak Group's arsenal.
Targets Machines Running the NCR Aloha Commander Toolset
The RDFSNIFFER RAT is not like most threats of this kind. This Remote Access Trojan is rather picky, as it has been designed to target only machines running a specific software tool, the NCR Aloha Commander Toolset. This application is often used by technicians working in the support sector. The RDFSNIFFER RAT plants its code in the memory of legitimate dynamic-link libraries and processes to remain under the radar of any security software present on the system. Once this is done, the RDFSNIFFER Trojan continues the attack by taking over key features and sessions of the NCR Aloha Command Center Client. By doing this, the attackers are able to take control of the application.
Apart from targeting the NCR Aloha Commander Toolset specifically, the RDFSNIFFER RAT has several other capabilities. This threat can execute unauthorized commands on the infected machine. It can also execute files on the host and tamper with the system to wipe out files present on the compromised computer.
Hacking groups like the Carbanak Group tend to leave regular users alone and go after bigger fish such as large businesses, as this guarantees them more profit. It is also clear that the Carbanak Group does not intend to halt its activity any time soon, since it continues to develop new hacking tools like RDFSNIFFER.