Mutant Malware Able To Slip Past Antivirus Tools, Experts Warn

Cybersecurity consulting firm Akouto Consulting has a warning for businesses: There has been an increase in instances of malware able to bypass traditional antivirus measures, threatening business bank accounts.

An announcement Tuesday (Aug. 29) from Akouto warned of a “sharp” increase in the use of these new strains of malware, with small businesses some of the victims of an attack that can remain undetected despite virus scans.

“The first sign of trouble for a small business owner in Ontario was a phone call from the bank warning of suspicious money transfers that could be an indication of hackers accessing their account,” Akouto said. “All computers were checked and antivirus scans assured staff that they were virus free.”

It wasn’t until the small business owner updated cybersecurity measures that the attack was detected.

Akouto highlighted the Heodo banking Trojan as a particular example of this trend. It first emerged in March of this year, the company said, and was used mostly to steal online banking information and credentials to infiltrate bank accounts and steal money.

According to the cybersecurity firm, the malware is delivered through a business email compromise scam: the target receives an email carrying a seemingly legitimate invoice as a PDF attachment. Once the user opens the PDF, the computer is infected and the malware harvests further email addresses to spread itself. The attack targets devices running Windows, Akouto noted.

“The creators of Heodo spliced the code of a Trojan with that of a Worm to create a hybrid capable of stealing information, self-replicating and mutating,” explained Akouto founder Dominic Chorafakis in a statement. “Using its Trojan DNA, it constantly collects sensitive information that is transmitted back to the hackers. Using its Worm DNA it burrows through networks spreading to other computers, stealing more information and spreading even further.”

According to Bruno Macchiusi, founder of IT service provider Alpha Logistics, who was quoted in the press release, a spike in this kind of attack has left more companies vulnerable to malware that cannot be detected by standard antivirus solutions.

“Identifying the breach was only half the battle,” Macchiusi said of one case. “Once infected computers were isolated, the challenge was to find all of the mutations on each system before it could be returned to the client’s network. It took products from eight different antivirus vendors and specialized monitoring to finally identify the specific combination of tools and steps needed to completely eradicate the Trojan.”