
A fake response malware is a type of malware that intercepts and modifies responses from web servers or an application server. This can be used to steal sensitive data, such as passwords and credit card numbers.
Fake response malware works by intercepting the communication between a browser or application and the server. When a user uses the application, the app sends a request to its server. The server then sends a response back to the application. The fake response malware intercepts this response and modifies it before it is sent to the application. This allows the malware to steal sensitive data, such as passwords and credit card numbers.
Recent media articles pertaining to malware attack on the payment switch application of one oldest co-operative and losses been reported is disturbing for us at SISA.
SISA on 20th December 2017 had issued a global advisory warning banks that cyber criminals were identified who were using fake response malware to inject malicious script to payment switch servers for generating fake response messages to the request received from payment brands.
However, considering the resurfacing of this attack, more importantly, as part of our PFI activity the intruder is there in the system for more than a year. Hence, we can’t prevent a breach, but at-least, we will be able to stop lateral movement and egress point. Unless there is egress, the intruder hasn’t succeeded.
As fake response malware becomes more sophisticated, traditional cybersecurity measures may not be sufficient to detect and mitigate these attacks effectively. Here are some strategies to strengthen your defense against this threat:
Blogs
Whitepapers
Threat-a-Licious
Customer Success Stories
SISA is a Leader in Cybersecurity Solutions for the Digital Payment Industry. As a Global Payment Forensic Investigator of the PCI Security Standards Council, we leverage forensics insights into preventive, detective, and corrective security solutions, protecting 1,000+ organizations across 40+ countries from evolving cyberthreats.
Our suite of solutions from AI-driven compliance, advanced security testing, agentic detection/ response and learner focused-training has been honored with prestigious awards, including from Financial Express, DSCI-NASSCOM and The Economic Times.
With commitment to innovation, and pioneering advancements in Quantum Security, Hardware Security, and Cybersecurity for AI, SISA is shaping the future of cybersecurity through cutting-edge forensics research.