Sophisticated Banking Trojan Gaining Steam as Holidays Approach
26 Nov 2013
SecurityWeek, By Brian Prince
In July, a post was published on cybercrime forum that offered a malicious program that could be used to attack about 100 banks by "seeding add-on code onto bank websites viewed with Internet Explorer and Mozilla Firefox, with VNC connections" and other ways to attack any bank in the world, according to Kaspersky Lab.
Digging deeper, the researchers discovered that the program the criminals offered was Trojan-Banker.Win32/64.Neverquest – malware that by mid-November had been used in several thousand attempted infections all around the world.
The Trojan's main objective is to replenish its default list of 28 targeted websites – all of which are large international banks and popular online payment services – by identifying web pages visited by victims that use certain keywords related to bank transactions. If the keywords are found on a webpage in the browser, the malware will intercept the process and send them full contents of the webpage and its URL to malicious users. Read more.