
A new variant of the notorious Zeus banking trojan, Terdot discovered with espionage capabilities which allow it to control Facebook and Twitter posts, as well as the ability to eavesdrop on emails.

Like other variants of Zeus malware, Terdot targets Windows systems. The malware was first seen around mid-2016 and was capable of injecting HTML code into websites to carry out man-in-the-middle attacks and steal browsing information, including credit card details and login credentials.

The new variant of Terdot uses open source tools for spoofing SSL certificates to gain access to social media and Gmail accounts, and it can also post on behalf of the infected user. Researchers at Bitdefender, who discovered the malware, said that the new variant comes with an automatic update capability which allows the malware to download and execute files as instructed by the attacker.

According to the samples, the malware targets users of various web services such as Yahoo and Gmail, and it was explicitly instructed not to gather any data from vk.com, Russia's largest social media platform. The malware spreads through phishing emails containing a fake PDF icon; when the file is opened, it executes a JavaScript file that downloads the malware.
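The infection chain described above starts with a script attachment disguised behind a PDF icon. The following is an added example, not code from the article or from Bitdefender, showing how a mail gateway can flag such attachments before they reach a user: it looks for script-type extensions, document extensions used as a decoy in front of a script extension, a claimed PDF whose bytes do not start with the PDF magic, and a right-to-left override character hiding the real extension. The sample message is constructed inline; the attachment content is an inert placeholder.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows will execute as a script or command file when double-clicked.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".cmd", ".bat", ".ps1"}
# Document extensions commonly placed before a script extension to look harmless.
DOCUMENT_DECOYS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}
RTL_OVERRIDE = "\u202e"


def classify_attachment(filename: str, content_type: str, payload: bytes) -> list[str]:
    """Return a list of reasons this attachment looks suspicious (empty if clean)."""
    name = filename.lower()
    parts = name.split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    reasons = []
    if ext in SCRIPT_EXTENSIONS:
        reasons.append(f"script attachment ({ext})")
    if len(parts) > 2 and ("." + parts[-2]) in DOCUMENT_DECOYS and ext in SCRIPT_EXTENSIONS:
        reasons.append("document extension used as decoy before script extension")
    claims_pdf = ext == ".pdf" or content_type == "application/pdf"
    if claims_pdf and not payload.startswith(b"%PDF"):
        reasons.append("claims to be PDF but content lacks %PDF header")
    if payload.startswith(b"MZ"):
        reasons.append("content is a Windows PE executable")
    if RTL_OVERRIDE in filename:
        reasons.append("right-to-left override character in filename")
    return reasons


def inspect_message(raw: bytes) -> list[tuple[str, list[str]]]:
    """Parse a raw RFC 5322 message and return (filename, reasons) for each flagged attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        reasons = classify_attachment(filename, part.get_content_type(), payload)
        if reasons:
            findings.append((filename, reasons))
    return findings


def build_sample_message() -> bytes:
    """Constructed sample: one decoy 'invoice.pdf.js' script and one genuine-looking PDF."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please find the invoice attached.")
    # Inert placeholder text standing in for the downloader script; not real malware.
    msg.add_attachment(b"// constructed placeholder\nvar x = 1;\n",
                       maintype="application", subtype="octet-stream",
                       filename="invoice.pdf.js")
    msg.add_attachment(b"%PDF-1.4\n% constructed stub document\n",
                       maintype="application", subtype="pdf",
                       filename="receipt.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in inspect_message(build_sample_message()):
        print(name, "->", "; ".join(reasons))
```

Only the decoy attachment is reported; the real PDF passes every check. A gateway would typically quarantine anything with a script extension outright and use the other checks as secondary signals for renamed or obfuscated files.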

Terdot uses a chain of droppers, injections, and downloaders that deliver the malware in pieces to keep it undetected. After installation, the malware injects itself into browser processes to read traffic and deliver code. It also injects spyware to steal data and upload it to the command-and-control servers. The trojan is also capable of bypassing the protection provided by TLS (Transport Layer Security) by generating its own certificates for every website the victim visits.

“Financial organizations should be concerned about this banking trojan since it is sufficient in attacks that cause financial loss for customers by compromising transactions, or by stealing account and credit-card information. Financial organizations can prepare by proactively monitoring user accounts for suspicious activity, particularly when transactions do not match the customer’s regular usage habits,” said Bitdefender researchers in their published post.

While the malware is not as widespread as some of the most notorious banking trojans, the fact that Terdot is so proficient at stealing credentials, and at hiding its actions, points to a dangerous new evolution in cybercrime.
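Bitdefender's advice above is to monitor accounts for transactions that do not match a customer's regular habits. The following is an added example, not code from the article or from Bitdefender, of a simple per-account baseline: it builds a profile from past transactions (amount mean and standard deviation, countries, merchant categories, and the usual hour window) and flags a new transaction on each dimension it departs from. All account data and transaction values are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime
from statistics import mean, pstdev

# How far (in standard deviations) an amount may sit above the mean before it is flagged.
AMOUNT_Z_THRESHOLD = 3.0


@dataclass(frozen=True)
class Transaction:
    account: str
    amount: float
    country: str
    merchant_category: str
    timestamp: datetime


def build_profile(history: list[Transaction]) -> dict:
    """Summarise an account's past transactions into a behavioural baseline."""
    amounts = [t.amount for t in history]
    hours = [t.timestamp.hour for t in history]
    return {
        "mean": mean(amounts),
        "std": pstdev(amounts),
        "countries": {t.country for t in history},
        "categories": {t.merchant_category for t in history},
        "hour_min": min(hours),
        "hour_max": max(hours),
    }


def score_transaction(profile: dict, tx: Transaction) -> list[str]:
    """Return the list of ways this transaction deviates from the profile (empty if routine)."""
    flags = []
    std = profile["std"] or 1.0  # avoid division by zero for a flat history
    z = (tx.amount - profile["mean"]) / std
    if z > AMOUNT_Z_THRESHOLD:
        flags.append(f"amount {tx.amount:.2f} is {z:.1f} std devs above the mean")
    if tx.country not in profile["countries"]:
        flags.append(f"first transaction from country {tx.country}")
    if tx.merchant_category not in profile["categories"]:
        flags.append(f"new merchant category {tx.merchant_category}")
    if not profile["hour_min"] <= tx.timestamp.hour <= profile["hour_max"]:
        flags.append(f"outside usual hours ({tx.timestamp.hour:02d}:00)")
    return flags


def needs_review(flags: list[str]) -> bool:
    """Escalate when two or more independent signals fire."""
    return len(flags) >= 2


# Constructed history for one account: small card purchases, one country, daytime hours.
HISTORY = [
    Transaction("acct-1", amt, "DE", cat, datetime(2017, 10, day, hour))
    for day, (amt, cat, hour) in enumerate([
        (42.0, "grocery", 8), (15.5, "fuel", 12), (63.2, "restaurant", 19),
        (28.0, "grocery", 9), (71.9, "restaurant", 13), (19.4, "fuel", 18),
        (55.0, "grocery", 10), (33.3, "grocery", 14), (48.7, "restaurant", 20),
        (60.1, "fuel", 11),
    ], start=1)
]
# Constructed test cases: one routine purchase, one that breaks every habit at once.
ROUTINE = Transaction("acct-1", 39.0, "DE", "grocery", datetime(2017, 11, 1, 12))
SUSPICIOUS = Transaction("acct-1", 2400.0, "US", "wire_transfer", datetime(2017, 11, 1, 3))

if __name__ == "__main__":
    profile = build_profile(HISTORY)
    for tx in (ROUTINE, SUSPICIOUS):
        flags = score_transaction(profile, tx)
        print(tx.amount, tx.country, "review" if needs_review(flags) else "ok", flags)
```

A production system would score against a richer profile (device, session, counterparty history) and tune the threshold per risk tier, but the structure is the same: learn the customer's habits, then escalate when several independent signals disagree with them at once.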