Olympic Vision Keylogger Spread via BEC Scams in 18 Countries

Olympic Vision is an advanced threat that can steal keystrokes, clipboard data, and user credentials.

Cyber-criminal groups are using a combination of BEC (Business Email Compromise) scams and advanced keyloggers to target, scan, and steal data from companies in 18 countries around the world.

At the core of this attack is a new malware family with keylogging and info-stealing capabilities, which Trend Micro researchers have named Olympic Vision.

Available on the Dark Web for as much as $25 (€22), this keylogger can log keystrokes, record and steal data from the clipboard, take desktop screenshots, and extract passwords from browsers, email, and FTP clients.

Olympic Vision is spread around via BEC scams

To spread it, the criminals launched precise email campaigns aimed at key employees inside their targeted companies.

Known as BEC scams, and sometimes as whaling attacks or CEO fraud, these emails are crafted to look like they’re coming from a business partner or another company employee.

Each email had a file attached, and in this particular campaign, it was the Olympic Vision keylogger, which would execute, collect data, and send it to the attacker.

The criminals would then sift through the logs and decide which company computer to attack based on the data they stole from each, separating uninteresting workstations from the ones sitting on some manager’s desk or in the company’s financial department.

Campaign targeted European, North American, and Asian companies

Targeted countries were spread equally around the globe, with attackers having hit China, India, Indonesia, Malaysia, Thailand, Canada, United States, Germany, Iran, Iraq, Netherlands, Qatar, Saudi Arabia, Slovakia, Spain, United Arab Emirates, United Kingdom, and Zimbabwe.

This is not the first time keyloggers have been used together with BEC scams, with Trend Micro having previously reported on other threats such as Predator Pain, Limitless, and HawkEye.

According to Mimecast, a cyber-security vendor specializing in email security, BEC scams rose 55% in 2015 compared to the previous year.

Olympic Vision control panel
