September 24, 2019

September 23, 2019

FIN8 Back in Business Stealing Credit Card Information with Badhatch

Security research firm Gigamon has reported that the nasty cybercriminal group FIN8 may have reappeared in June after a two-year silence. FIN8 is known for installing malware on point-of-sale (POS) systems to steal credit card information and selling it on the dark web.

FIN8 appears to be back in business with a new twist on its old scheme. Dubbed “Badhatch,” the malware attack starts with customized phishing emails that deliver a malicious Microsoft Word document containing PowerShell scripts. The phishing email includes macros that users are asked to open. When the scripts are executed by FIN8, a backdoor is installed that gives FIN8 more control over the user’s system and lets it distribute tools to steal credit card information, such as credit card scraper malware, which steals details of cards swiped through POS systems.

The researchers at Gigamon have outlined Badhatch from a technical standpoint, which is helpful for security folks.

Luckily, according to Gigamon, “[A]t the end of the day, the actors behind FIN8 are human and clearly fallible. While they may make rapid improvements to tools and procedures, we hope the technical and operational information shared here will help other organizations detect and disrupt FIN8 operations.”

Badhatch is designed to steal credit card information, and in our experience we have seen a dramatic rise in credit card scraping schemes. Those in the retail space may wish to consider taking a look at the research from Gigamon and being on the lookout for Badhatch.

Copyright © 2019 Robinson & Cole LLP. All rights reserved.


About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...