New research by FireEye’s Mandiant group shows that the infamous FIN7 cybercrime group is using new hacking tools in order to target ATMs produced by NCR Corporation. The new tools include a malware dropper called BOOSTWRITE that is designed to deliver multiple payloads. The malware delivered by BOOSTWRITE consists of Carbanak, a backdoor that FIN7 has used in previous campaigns, and a new remote access Trojan (RAT) dubbed RDFSNIFFER.
FIN7 has been active since at least 2015. Various members of the hacking group were arrested last year, but the group never ceased its operations and has actually continued to adopt new tools and techniques.
Read more: FIN7 Hackers Load New RAT Malware Into ATM Maker’s Software