The world's biggest banks have been warned they are vulnerable to a specific cyber attack which has been linked to one of the largest hacks of the year against the central bank of Bangladesh.
Malware that hides fraudulent transactions made via the Swift payments system - the global technology governing international transfers which is used by major financial institutions and individuals - has been identified by security researchers.
This has prompted Swift, the cooperative group based in Belgium which runs the system, to warn banks and other customers that they may be targeted by the malware.
It said in a statement:
Swift is aware of a malware that aims to reduce financial institutions’ abilities to evidence fraudulent transactions on their local systems ... We understand that the malware is designed to hide the traces of fraudulent payments from customers’ local database applications and can only be installed on users’ local systems by attackers that have successfully identified and exploited weaknesses in their local security.
It told banks using Swift they should ensure there is adequate security to safeguard their systems, "particularly those with access to the Swift systems".
Security researchers at BAE Systems identified the malware in connection with the heist on the Bangladesh central bank which hit headlines in March. Hackers managed to transfer $80m but were foiled in their attempt to take as much as $1bn by a typo in one of the transfers.
Read more: Adele targeted by hackers
In a blog post published on Monday, BAE Systems' Sergei Shevchenko said:
"The technical details of the attack have yet to be made public, however we’ve recently identified tools uploaded to online malware repositories that we believe are linked to the heist. The custom malware was submitted by a user in Bangladesh, and contains sophisticated functionality for interacting with local Swift Alliance Access software running in the victim infrastructure."
The elaborate and unusual malware attack masks the false transaction, including intercepting a print out of a confirmation message of the fraud which could be spotted, replacing it with a doctored version that will go unnoticed.
"The analysed sample allows a glimpse into the toolkit of one of the team in well-planned bank heist. Many pieces of the puzzle are still missing though: how the attackers sent the fraudulent transfers; how the malware was implanted; and crucially, who was behind this," concluded Shevchenko.
"This malware was written bespoke for attacking a specific victim infrastructure, but the general tools, techniques and procedures used in the attack may allow the gang to strike again."
Swift clarified that it was not itself, nor its system, compromised by the malware. "Contrary to reports that suggest otherwise, this malware has no impact on Swift’s network or core messaging services," it added.