FIN8, a cybercrime group first identified in January 2016, has started to distribute Badhatch, a previously unreported form of malware used as part of the financial hacking group's latest campaign.
The FIN8 cybercrime group typically targets point-of-sale (POS) systems with malware designed to steal credit card information, which is then sold for profit on underground dark web forums. The nature of the attacks means retailers and the hospitality sector are common targets.
Badhatch attacks begin like FIN8's earlier PunchBuggy malware campaigns: customized phishing emails deliver a malicious Microsoft Word document containing PowerShell scripts. When executed, the scripts install a backdoor.
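The infection chain described above (a Word document launching PowerShell, which then installs the backdoor) is what a process-creation detection on a POS or back-office host would look for. The following is an added example, not code from the original article or from any vendor report; it runs over constructed Sysmon-style process-creation events, and the field names, host names and command lines are assumptions, not real indicators.

```python
import re
from typing import Dict, List

# Office applications that should not normally launch a script interpreter.
OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELL_IMAGES = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}
# Command-line switches that a maldoc-dropped PowerShell stager commonly relies on.
SUSPICIOUS_SWITCHES = [
    (re.compile(r"(?i)(^|\s)-(e|ec|enc|encodedcommand)\b"), "encoded command"),
    (re.compile(r"(?i)(^|\s)-w(indowstyle)?\s+hidden\b"), "hidden window"),
    (re.compile(r"(?i)(^|\s)-(nop|noprofile)\b"), "profile bypass"),
    (re.compile(r"(?i)downloadstring|iex\b|invoke-expression"), "download/exec primitive"),
]

# Constructed sample events (hypothetical hosts and paths, not from any real incident).
SAMPLE_EVENTS = [
    {"host": "pos-01",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -NoP -W Hidden -Enc <base64-placeholder>"},
    {"host": "pos-02",                      # benign: admin script launched from Explorer
     "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"powershell.exe -File C:\scripts\inventory.ps1"},
    {"host": "fd-03",                       # benign: Word child that is not a shell
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\spoolsv.exe",
     "command_line": "spoolsv.exe"},
]

def basename(path: str) -> str:
    """Return the lower-case file name of a Windows image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def analyse_event(event: Dict[str, str]) -> List[str]:
    """Return the reasons this event matches the Office -> PowerShell chain (empty if none)."""
    parent, child = basename(event["parent_image"]), basename(event["image"])
    if parent not in OFFICE_IMAGES or child not in SHELL_IMAGES:
        return []
    reasons = [f"{parent} spawned {child}"]
    for pattern, label in SUSPICIOUS_SWITCHES:
        if pattern.search(event.get("command_line", "")):
            reasons.append(label)
    return reasons

def detect(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Return one alert per event that matches, with the host and the reasons found."""
    return [{"host": e["host"], "reasons": r} for e in events if (r := analyse_event(e))]
```

The parent/child pair alone is the high-confidence signal; the switch labels only add context for triage, so an Office-spawned PowerShell with no suspicious switches still alerts.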