Asian and African banks being attacked using a zero-day vulnerability: Kaspersky

CIOL Writers
New Update
CIOL Asian and African banks being attacked using a zero-day vulnerability: Kaspersky

The state of cyber-security across globe demands our urgent attention. Be it banks or corporate houses or individuals, increasing numbers are falling prey to hackers and cyber-attacks every passing day. In its latest research, Kaspersky has found that out of many attacked territories, Asian and African Banks are being attacked using zero-day vulnerability.


A Zero-day exploit is a malicious program allowing additional malware to be silently installed. According to Kaspersky report, the criminals have been using the exploit with InPage text editor, a software package used by Urdu- and Arabic-speaking people and organizations around the world.

The exploit is delivered to the victim via a spear-phishing email with the infected document attached. Upon successful exploitation of the vulnerability, the malware reports to a command and control server and then downloads legitimate remote access tools. In some cases, it downloads malware based on the source code of the infamous banking trojan Zeus. This set of tools is typical for financial cybercriminals.

Attacked organizations identified by Kaspersky Lab researchers are located in Myanmar, Sri-Lanka and Uganda. However, researchers are not yet fully aware of any actual incidents involving the theft of money as a result of infections using the InPage exploit.


Denis Legezo, a security expert at Kaspersky Lab GReAT said, “The use of vulnerabilities in specific software with a relatively low global presence and a very narrow target audience is an easy-to-understand tactic. The attackers adjust their tactics to their target’s behavior by developing exploits for custom software which doesn’t always receive the kind of scrutiny that big software companies apply to their products. Since local software is not a common target of exploit writers, vendors are not very responsive to vulnerability reports and existing exploits remain workable for a long time.”

Kaspersky suggests financial organizations check their systems for the presence of these threats and to implement the following measures:

• Make sure you have a corporate-grade internet security suite capable of catching exploits generically, such as Kaspersky Endpoint Security for Business.

• Instruct your staff not to open attachments or URLs in emails sent from unknown sources.

• Use the most recent versions of software on endpoints in your company. Avoid using software known to be vulnerable. To automate these tasks use Vulnerability Assessment and Patch Management solutions.

• Educate your staff in cyber security.

cyber-security cyber-attacks