FIN7, a financially motivated cybercriminal group, is active again, this time using the Lizar malware. Lizar is a backdoor that mainly targets Windows-based systems and harvests all kinds of information. It spreads disguised as a Windows pen-testing tool for ethical hackers.
What happened?
The malware masquerades as coming from a genuine organization that provides a security analysis tool, so it appears to be legitimate.
- Multiple educational institutions, along with pharmaceutical firms, have faced attacks from FIN7.
- FIN7 has been using the latest version of the Lizar backdoor since February. It is equipped with a powerful set of data retrieval and lateral movement capabilities.
The Lizar toolkit-
The Lizar toolkit is structurally similar to Carbanak and consists of a loader and various plugins for different tasks. The loader and plugins run together on an infected system and can logically be grouped together as the Lizar bot client.
Conclusion-
Malware families like this one are upgraded over time, so organizations are advised to protect themselves with proper security measures, including email and web gateways and anti-malware solutions. Employees can also be trained to recognize the types of attack the organization might face.