Welcome to Finextra. We use cookies to help us to deliver our services. We'll assume you're ok with this, but you may change your preferences at our Cookie Centre.
Please read our Privacy Policy.

Accept
Channels
Blog article
See all stories »

Channels

Security
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

The nastiest ebanking trojan just got nastier

For too long now the perpetrators of malware have been getting away with targeting our banking sector and each time we think we are getting somewhere they seem to be one step ahead while gradually raising the bar in this arms race.

On Friday, my team at TrustDefender Labs released a report on one of the nastiest pieces of malware which has just become even nastier. Now you may think that some of the older malware is bad enough, the bad guys have released a new version of one of the most highly successful e-banking Trojans but this time with major enhancements. And the 'bad news' is that they changed the lot!

Basically, these guys have been busy over the last few months with a new version of Mebroot/Sinowal/Torpiq that performs the same tasks and does the same badness as the previous versions (for more information see www.trustdefender.com/blog), however the big difference is that this Trojan is hiding in the system with improved stealthiness than ever before, to make sure:

1.    it can infect your system without you knowing

2.    collect as much information as possible and

3.    stay there undetected as long as possible

 

To reiterate in plain English: Everything that was previously written on how to detect Mebroot/Sinowal/Torpiq is now invalid and doesn’t apply anymore… No rg4sfay file in Windows\temp anymore, no reference to  \!win$… No detection with GMER’s special mbr.exe program and GMER itself only lists a couple of detached threads… Nothing really suspicious…

The troubling issue is that the research team found this new version and noted it has the most exhaustive list of banking and broking websites they have seen – with virtually all major financial institutions in UK, Australia, USA, Spain, Italy, Germany and more. But interestingly, more and more non-bank websites are part of this list, like partycashier.com (the online payment from a popular poker site) and government sites like pay.gov (electronic payments to the US Govt).

The challenge now for the 'good guys', when will they catch up and can they stop this nasty e-banking Trojan? 

 

 

3753

Channels

Security
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Report abuse

Comments: (0)

Join the discussion

Member since

0

Location

0

More from member

Community
See all blogs »
Fintech 

How innovation in encryption is helping secure the credit card approval process

Ghazi Ben Amor

Ghazi Ben Amor

Operational Risk Management 

DORA – Navigating the EU’s Operational Resilience Landscape

Antony Fung

Antony Fung

Fintech 

The importance of risk management in trading

Kate Leaman

Kate Leaman

Digital Identity Management 

Navigating the digital identity landscape: A blueprint for financial services competitiveness

Adam Preis

Adam Preis

Now hiring

See more