Attack campaign uses keylogger to hijack key business email accounts

Companies from 18 countries were targeted with the Olympic Vision keylogger, researchers warn

A new email-based attack campaign is targeting key employees from companies in the U.S., Middle East and Asia with the goal of compromising their computers and email accounts.

This type of attack is known as business email compromise (BEC) and involves attackers hijacking the email accounts of business executives or accounting employees who typically authorize financial transactions inside organizations.

Their hijacked email accounts can then be used to trick other employees, suppliers or business partners into initiating fraudulent payments to accounts controlled by the attackers.

Security researchers from antivirus firm Trend Micro recently detected an attack against companies from 18 countries where key employees were targeted with emails that contained a commercial keylogger program called Olympic Vision.

The rogue emails masqueraded as messages from business partners pertaining to recent bank transfers and invoices with alleged errors. Instead of real documents, the emails had the Olympic Vision keylogger attached.

This malware program is not very sophisticated, but for the purpose of these attacks it doesn't need to be. A toolkit to customize and generate the malicious installer can be acquired for as little as $25 on the black market.

Once installed on a computer, Olympic Vision steals system configuration details; log-in credentials saved in browsers, email clients, FTP programs and instant messaging applications; keystrokes; network information; and clipboard images and text. It can also take screenshots.

This information helps attackers to identify valuable computers, gain access to email accounts and understand the internal accounting workflows of the targeted companies. They can then use the information to convince others to initiate fraudulent payments.

"We looked at the trail of Olympic Vision keyloggers being used in the wild to check for organized activity, and were able to trace the identities of the actors, and positively identified two Nigerian cybercriminals -- one operating from Lagos, and the other from Kuala Lumpur," the Trend Micro researchers said in a blog post.

Business email compromise has become a serious issue over the past two years, with the FBI estimating that businesses worldwide have lost over a billion dollars to such scams. Reports earlier this year claimed that Belgian bank Crelan lost 70 million euros and Austrian airplane parts manufacturer FACC Operations lost 50 million euros following BEC attacks.

Lucian Constantin

IDG News Service