Houdini Malware is Targeting your Bank Account


A new variant of the Houdini malware is making the rounds. Through a combination of phishing tactics and link clicks, it tries to install itself and scrape bank account details via keylogging. As always, use caution when checking emails “from your bank.”

The Houdini worm itself isn’t new, and technically it’s a RAT, not a worm. But recently the Cofense Phishing Defense Center identified a new variant targeted at stealing online banking credentials. The attackers converted the original code from a Visual Basic setup to JavaScript and started a phishing campaign earlier this month.

Targets receive an email purporting to be from their bank with instructions to click a link to finish a financial transaction. Clicking the link leads to a download of malware that includes a keylogger, a mail credential viewer, and a browser credential viewer. Even these parts of the software are unoriginal and taken from elsewhere. The goal here is maximum damage for minimum effort.

Once the malware is on your system, it tries to steal your bank login info and pass that back to the attackers. They’ll, in turn, use your credentials to make fraudulent purchases.

The age-old advice of being careful what you do in email applies here. If your bank ever does email you with a message or issue, don’t click on the links in the email. Instead, open a browser and navigate directly to your bank’s website. Or call your bank.

No bank (or realistically any institution) will email you and ask for information it should already know. But unfortunately, they do email you with information about recent transactions and include links to websites. It’s best to avoid clicking on those links and browse to your bank’s site manually.