Menu
Attack campaign uses keylogger to hijack key business email accounts

Attack campaign uses keylogger to hijack key business email accounts

Companies from 18 countries were targeted with the Olympic Vision keylogger, researchers warn

A new email-based attack campaign is targeting key employees from companies in the U.S., Middle East and Asia with the goal of compromising their computers and email accounts.

This type of attack is known as business email compromise (BEC) and involves attackers hijacking the email accounts of business executives or accounting employees who typically authorize financial transactions inside organizations.

Their hijacked email accounts can then be used to trick other employees, suppliers or business partners to initiate fraudulent payments to accounts controlled by the attackers.

Security researchers from antivirus firm Trend Micro recently detected an attack against companies from 18 countries where key employees were targeted with emails that contained a commercial keylogger program called Olympic Vision.

The rogue emails masqueraded as messages from business partners pertaining to recent bank transfers and invoices with alleged errors. Instead of real documents, the emails had the Olympic Vision keylogger attached.

This malware program is not very sophisticated, but for the purpose of these attacks it doesn't need to be. A toolkit to customize and generate the malicious installer can be acquired for as little as $25 on the black market.

Once installed on a computer, Olympic Vision steals information about: the system configuration; log-in credentials saved in browsers, email clients, FTP programs and instant messaging applications; key strokes; network information; clipboard images and text. It can also take screen shots.

This information helps attackers to identify valuable computers, gain access to email accounts and understand the internal accounting workflows of the targeted companies. They can then use the information to convince others to initiate fraudulent payments.

"We looked at the trail of Olympic Vision keyloggers being used in the wild to check for organized activity, and were able to trace the identities of the actors, and positively identified two Nigerian cybercriminals -- one operating from Lagos, and the other from Kuala Lumpur," the Trend Micro researchers said in a blog post.

Business Email Compromise has become a serious issue over the past two years, the FBI estimating that businesses worldwide have lost over a billion dollars to such scams. Reports earlier this year claimed that Belgian bank Crelan lost 70 million euros and Austrian airplane parts manufacturer FACC Operations lost 50 million euros following BEC attacks.


Follow Us

Join the newsletter!

Error: Please check your email address.

Featured

Slideshows

Tech industry comes together as Lexel celebrates turning 30

Tech industry comes together as Lexel celebrates turning 30

Leading figures within the technology industry across New Zealand came together to celebrate 30 years of success for Lexel Systems, at a milestone birthday occasion at St Matthews in the City.​

Tech industry comes together as Lexel celebrates turning 30
HP re-imagines education through Auckland event launch

HP re-imagines education through Auckland event launch

HP New Zealand held an inaugural Evolve Education event at Aotea Centre in Auckland, welcoming over 70 principals, teachers and education experts to explore ways of shaping and enhancing learning using technology.

HP re-imagines education through Auckland event launch
Reseller News ICT Industry Awards 2017 - Meet the winners...

Reseller News ICT Industry Awards 2017 - Meet the winners...

Reseller News honoured the industry’s finest on a standout evening for the New Zealand channel, recognising the achievements of established and emerging partners on a memorable night in Auckland.

Reseller News ICT Industry Awards 2017 - Meet the winners...
Show Comments