Cybercrime group RTM is deploying complex malware based in the Delphi programming language to target Remote Banking Systems (RBS), a type of business software used to make bulk financial transfers.
The problem was severe enough to warrant an advisory from FinCERT, a Russian CERT responsible for fighting cybercrime targeting Russian financial institutions in late 2016.
RTM is using its malware to spy on victims in a variety of ways such as monitoring keyboard strokes and smart cards inserted in the system, according to security software firm ESET. Malicious software allows all-time monitoring of banking-related activities as well as the possibility to upload files from the compromised system to its Command and Control (C&C) server.
"The malware actively searches for export files common to popular accounting software mainly used in Russia," said Jean-Ian Boutin, a malware researcher at ESET.