Bangladesh Bank Hackers Infected Popular Messaging Program
Hackers who tried to steal nearly $1 billion from Bangladesh’s central bank installed malware that compromised part of the messaging system used by thousands of banks around the world, a security firm warned on Monday.
The hackers, who got away with $81 million, could have used the malware to erase and alter database records of bank transfers recorded by SWIFT Alliance Access software, a messaging program banks use to exchange secure instructions for transferring money across the SWIFT communications network, BAE Systems said in a blog post.
“This malware appears to be just part of a wider attack toolkit, and would have been used to cover the attackers’ tracks as they sent forged payment instructions to make the transfers,” the security firm wrote. “This would have hampered the detection and response to the attack, giving more time for the subsequent money laundering to take place.”
The malware program was found in an online repository used by hackers to share illicit software programs, BAE said. The program was uploaded by a user in Bangladesh, included dates around the time of the February 5th heist and contained functionality for interacting with the SWIFT messaging program used by the Bangladesh bank, BAE said.
“The tools are highly configurable and given the correct access could feasibly be used for similar attacks in the future,” the company warned.
SWIFT, a Belgian cooperative owned by the financial industry, connects more than 11,000 institutions in over 200 countries and processed over six billion messages last year.
The group said it was aware of the malware but that the rogue program had “no impact on SWIFT’s network or core messaging services.” But the group conceded that the program could be used to hide traces of fraudulent transfers if hackers had broken into a user’s local network.
“We have developed a facility to assist customers in enhancing their security and to spot inconsistencies in their local database records, however the key defense against such attack scenarios remains for users to implement appropriate security measures in their local environments to safeguard their systems—in particular those used to access SWIFT—against such potential security threats,” SWIFT said in a statement.
Hackers penetrated the Bangladesh central bank’s computer network and tried to request that almost $1 billion be transferred from the bank’s account at the Federal Reserve Bank of New York to bogus accounts in Sri Lanka and the Philippines, the bank disclosed last month. Most of the transfers were blocked, but $100 million went through.
Of the losses, $81 million transferred to casinos in the Philippines has not been recovered.