cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.
Ilan_Meller_153
Historic F5 Account

Slave is a financial malware written in visual basic. It was first seen around March 2015 and has undergone a significant evolution. Slave conducts its attack by hooking the Internet browser functions and manipulating their code for various fraudulent activities. This manipulation can be used for fraudulent activities such as credentials theft, identity theft, IBAN swapping and fraudulent fund transfers.

Two weeks before the discovery of ‘Slave’, the F5 research team analyzed an unknown malware variant that was used for swapping IBAN numbers – a technique used by fraudsters to swap the destination account number before a funds transfer takes place. Static analysis has shown a strong relationship between the two malware samples, implying that ‘Slave’ started out with a simple IBAN swap capability and later advanced to more advanced capabilities such as persistency and Zeus-style webinjects.

 

 

0151T000003d6H8QAI.png

 

If you want to deep-dive into the ‘Slave’ internals click here to read the full technical Malware Analysis Report by F5 SOC.

---
Editors Note : F5 and DevCentral do not condone the usage of the term ‘slave’ in the context of our technology. In this case the term ‘slave’ is a name, used to specify a particular piece of malware. We believe removing or changing the term, here, would only cause confusion and remove information necessary for effective application security.

Version history
Last update:
‎18-Jun-2015 09:46
Updated by:
Contributors