Hackers used malware to infiltrate a regional Russian bank and manipulate the ruble-dollar exchange rate by more than 15 percent in minutes, according to a cybersecurity firm investigating the attack.

ADVERTISEMENT

The virus used, known as Corcow Trojan, has reportedly infiltrated 250,000 computers worldwide and infected over 100 financial institutions, Bloomberg reports.

Russian-language hackers used Corcow Trojan to open a backdoor into Kazan-based Energobank’s systems in February 2015, and then place over $500 million in orders at non-market rates, Group-IB told Bloomberg.

The swing resulted in a Russian central bank investigation into possible market manipulation.

“This is the first documented attack using this virus and it has potential to do much more damage,” said Dmitry Volkov, the head of Group-IB’s cyber intelligence department. “Once the malware has penetrated a local network, it is sophisticated enough to infect computers that are even not connected to the Internet.”

The firm says antiviruses are not effective against the Corcow Trojan, which can hide undetected in a bank's systems for more than six months.

The Moscow Exchange has said that its systems were not hacked in the incident. A separate investigation by the central bank found no evidence of currency manipulation, blaming the swing — which lasted 14 minutes and caused the exchange rate to fluctuate from 55 and 66 rubles per dollar — on traders’ mistakes.

The central bank claimed losses of 244 rubles, or $3.2 million, according to local news reports. Group-IB said that while there is no evidence the hackers benefited financially from the hack, they may have been laying groundwork for a later attack.

Corcow Trojan itself is not new. Although it was first seen in 2011, according to security researcher Graham Cluley, it “more-or-less fell off the radar during 2012 only to see a sudden resurgence” in 2013.

The virus contains a specific module to subvert a popular Russian banking system used to facilitate speedy electronic exchanges, according to Cluley.