A new debit-card-stealing malware is targeting Iranian Microsoft Windows users and the attack is turning into an epidemic.
The Iran Computer Emergency Response Team Coordination Center (Iran CERTCC), a government agency affiliated with the Telecom Ministry, has reported the attack on its website. It has yet to report the number of users that have been harmed.
According to the agency, the malware can get access to users’ online payment information and passwords.
To gain access to data, cybercriminals first get a type of malicious software onto a computer. This is often done by getting a victim to click on a link or download it by mistake.
CERTCC has reported that the downloaded file is named ‘E-Dadsara’ (e-judiciary in Persian). When users click on the file, they unknowingly authorize the malware to record all of their activities.
The malware will collect data on the user, including keyboard input and online activities. Based on the gathered data, criminals can access users’ bank accounts and empty them within seconds.
This is the second cyber attack targeting local Microsoft Windows users in less than a week. On Oct. 23 CERTCC reported a ransomware attack named Tyrant.
After being hit by the attack, users receive a message in Persian, which reads as follows: “You have been infected by Tyrant ransomware. All the files and data stored on this device have been encrypted.”
After seeing the message, users have 24 hours to pay $15 to the hackers in the form of WebMoney, an online cryptocurrency. The message also includes instructions in Persian about using electronic money.
If users do not comply with the hackers’ demands, the files will be eliminated.
Precautions
Simply put, it is impossible to prevent hackers from launching an attack. However, some precautions can reduce the risk of infection.
For instance, attackers need to download the malware onto a computer or smart device and then install it. They do this by using compromised emails and websites. Experts warn people to always be wary of unknown emails and never click on links whose source they do not recognize. It is also recommended to install an antivirus and keep it updated.
Users also need to review their debit-card account statements regularly and report any unauthorized transaction to their card issuer immediately. Users can activate an online billing system with local banks, through which they will receive an email whenever a transaction is made. The service is also offered through text messages. Keeping an eye on the reports can help users detect suspicious transactions, if any.
Computer users in Iran can email cert@certcc.ir or call 021-22115950 or 021-4265000 if their operating system is infected by malware.