Fake response malware is a type of malware that intercepts and modifies responses from a web server or an application server. This can be used to steal sensitive data, such as passwords and credit card numbers.
Fake response malware works by intercepting the communication between a browser or application and the server. When a user uses the application, the app sends a request to its server. The server then sends a response back to the application. The fake response malware intercepts this response and modifies it before it is sent to the application. This allows the malware to steal sensitive data, such as passwords and credit card numbers.
Recent media articles about a malware attack on the payment switch application of one of the oldest co-operatives, and the losses reported, are disturbing for us at SISA.
On 20th December 2017, SISA issued a global advisory warning banks that cyber criminals had been identified using fake response malware to inject malicious script into payment switch servers, in order to generate fake response messages to the requests received from payment brands.
This attack has now resurfaced. More importantly, in our PFI activity we find that the intruder has been in the system for more than a year. Hence, we can't prevent a breach, but at least we will be able to stop lateral movement and block the egress point. Unless there is egress, the intruder hasn't succeeded.
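One way to detect the fake response messages described above is to reconcile the approvals leaving the switch against the decisions recorded independently by the authorizing host. This is an added example, not SISA's tooling. The record layout, the field names (`stan`, `rc`, with "00" meaning approved as in ISO 8583), the existence of a separate host decision log and all sample data are assumptions constructed for illustration.

```python
from collections import namedtuple

# Constructed sample records (not real data). Field names are assumptions:
# stan = system trace audit number, rc = response code ("00" = approved).
Msg = namedtuple("Msg", "stan pan_tail amount rc")

# Responses the switch sent back to the payment brand, e.g. taken from a
# network tap or the switch's outbound message log.
SWITCH_RESPONSES = [
    Msg("000101", "4321", 5000, "00"),
    Msg("000102", "8765", 120000, "00"),   # no host record at all
    Msg("000103", "1111", 2500, "05"),
    Msg("000104", "9999", 90000, "00"),    # host declined, switch approved
]

# Authorization decisions recorded independently by the backend host.
HOST_DECISIONS = [
    Msg("000101", "4321", 5000, "00"),
    Msg("000103", "1111", 2500, "05"),
    Msg("000104", "9999", 90000, "51"),
]

APPROVED = "00"


def find_fake_responses(switch_responses, host_decisions):
    """Return (stan, reason) for every approval the host did not make."""
    decided = {(m.stan, m.pan_tail): m for m in host_decisions}
    findings = []
    for resp in switch_responses:
        if resp.rc != APPROVED:
            continue  # only approvals let money leave
        host = decided.get((resp.stan, resp.pan_tail))
        if host is None:
            findings.append((resp.stan, "approved with no host decision"))
        elif host.rc != APPROVED:
            findings.append((resp.stan, f"host said {host.rc}, switch sent {resp.rc}"))
        elif host.amount != resp.amount:
            findings.append((resp.stan, "amount differs from host decision"))
    return findings


if __name__ == "__main__":
    for stan, reason in find_fake_responses(SWITCH_RESPONSES, HOST_DECISIONS):
        print(f"ALERT stan={stan}: {reason}")
```

The check is only meaningful if the switch-side records are captured outside the switch server itself, since malware on that server can also alter its local logs.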
As fake response malware becomes more sophisticated, traditional cybersecurity measures may not be sufficient to detect and mitigate these attacks effectively. Here are some strategies to strengthen your defense against this threat: