Researchers with FireEye s Mandiant group found that some samples of the new in-memory malware dropper they dubbed BOOSTWRITE can load more than one payloads, including the Carbanak backdoor associated with the FIN7 hackers. The FIN7 hacking group has added new tools to its malicious toolkit, a malware loader that will deliver payloads straight into memory and a module that hooks into the legitimate remote administration software of ATM maker NCR Corporation. The newly found RDFSNIFFER module allows an attacker to inject commands into an active RDFClient session.
Source: https://www.bleepingcomputer.com/news/security/fin7-hackers-load-new-rat-malware-into-atm-makers-software/