FIN7 Cybercrime Gang Returns with the Lizar Backdoor

The hackers from the FIN7 cybercrime gang are best known for their involvement in the development and usage of the Carbanak Trojan, one of the most notorious banking Trojans to be released online. Just like other financially motivated threat actors, this group also focuses on stealing financial information from its victims – they do this by employing a wide range of hacking tools and approaches. One of the latest threats to be involved in their attacks is the Lizar Backdoor.

The FIN7 hackers have opted for a very peculiar approach to distributing the malicious application. The criminals pretend to be part of a legitimate company involved in cybersecurity, and the Lizar Backdoor payload is advertised as a free Windows penetration-testing tool. This may sound simple, but, in reality, their approach is very sophisticated – they have even hired legitimate people to work for them without revealing that they are part of a cybercrime campaign or that the company they work for is fake.

FIN7 Hackers go after Companies in the IT, Pharmaceutical, Hospitality, and Educational Sectors

FIN7's usual targets are companies in the hospitality, restaurant, and gambling sectors. This time, however, they have opted to expand their reach a bit. The Lizar Backdoor has been found on networks involved with educational institutions, pharmaceutical companies, and a Germany-based software development company.

According to cybersecurity experts, the Lizar Backdoor is very similar to Carbanak in terms of its structure – it also consists of a core module whose functionality can be expanded with the use of plugins. Some of Lizar Backdoor's modules allow it to:

  • Execute remote commands.
  • Download and initialize a new module.
  • Grab passwords from Windows, browsers, or Remote Desktop Protocol (RDP) services.
  • Retrieve hardware, software, and configuration data about the infected system.
  • Manage running processes.
  • Use the Mimikatz tool to obtain passwords.
  • Grab screenshots.
  • Initialize additional malware (like Carbanak).

The FIN7 hackers have caused tens of millions of dollars in damages during their campaigns, and the Lizar Backdoor is the latest hacking tool to aid them in their malicious operations. Companies can protect their networks by investing in reputable antivirus and firewall software, as well as by only communicating with trustworthy security vendors and companies.

May 17, 2021