The Citadel trojan, a popular program used by cybercriminals to gather banking credentials and steal money from accounts, has become the latest financial malware to be repurposed as a tool to steal industrial secrets—this time from petrochemical companies in the Middle East.
During mid-summer, unknown attackers used the program to gather data, including e-mail messages and credentials, from the firms, IBM Trusteer stated in an analysis published on Monday. The company's researchers identified Citadel as the malware used to infect and steal data from the companies, which included "one of the largest sellers of petrochemical products in the Middle East and a regional supplier of raw petrochemical materials," the analysis stated.
The attack shows either that cybercriminals are branching out into stealing valuable industrial secrets or that industrial and nation-state spies are using off-the-shelf malware and opportunistic infections to gather sensitive information, says Dana Tamir, director of enterprise security for IBM Trusteer.