
Israeli Fintech Firms Targeted by Cardinal RAT Malware

March 22, 2019

By: mirabiliscorp

According to a blog post published on March 19 by Unit 42, the threat research department of cybersecurity company Palo Alto Networks, an upgraded version of the Cardinal RAT malware is targeting Israeli fintech companies that work with forex and crypto trading.

Since April 2017, Cardinal RAT has been identified in the examination of attacks against two Israel-based fintech companies engaged in developing forex and crypto trading software. Per the report, Unit 42 first encountered the malware in an older version. The software is a Remote Access Trojan (RAT), which allows the attacker to remotely take control of the system.

The updated malware is built to hinder analysis and evade detection. The researchers explain the complicated techniques the malware employs, though the payload does not vary significantly from the original in terms of modus operandi or capabilities.

The malware can act as a reverse proxy, collect victim data, execute commands, update its settings, and even uninstall itself. It can also recover passwords, log keypresses, download and execute files, capture screenshots, update itself and clean cookies from browsers. Unit 42 noted that the attacks employing the malware targeted companies that are engaged in forex and crypto trading and based in Israel.

A possible connection between Cardinal RAT and a JavaScript-based malware called EVILNUM was discovered. The research team believes that EVILNUM is used in attacks on similar organizations. When looking at files submitted by the same customer, Unit 42 reportedly identified EVILNUM. It seems likely that this malware is also used in attacks against fintech organizations.

