New Banking Malware with Network Sniffing Capability

The banking sector is one of the primary targets of cyber criminals, who have tried many ways to reach victims or break into banking systems. Attackers keep adopting more sophisticated techniques in an effort to reach as many victims as they can, most often with phishing pages or by infecting systems with malware.

This time attackers have once again turned to sophisticated malware to infect victims' systems and steal financial data. Security researchers from the anti-virus vendor Trend Micro have found a new malware variant that not only steals information from the victim's system but is also able to sniff the network.

This new banking malware, dubbed EMOTET, is spreading rapidly via email. The spam emails look like ordinary bank-related messages but actually carry a link to a malicious application. They are designed well enough that users readily click on them, at which point the malicious application is downloaded without the user's knowledge.

When a user clicks the link in the spam email, a downloader is fetched, which in turn downloads the malware's component files, including a configuration file and a .DLL file. The configuration file contains information about the banks targeted by the malware, while the .DLL file is responsible for intercepting and logging outgoing network traffic.

Joie Salvio, security researcher at Trend Micro, says the .DLL file is injected into all processes on the system, including the web browser, and then “this malicious DLL compares the accessed site with the strings contained in the previously downloaded configuration file. If strings match, the malware assembles the information by getting the URL accessed and the data sent.”

Bypassing the SSL connection
Furthermore, the malware is able to bypass the secure HTTPS connection, which is more dangerous for users: the data is captured inside the browser before it is encrypted, so the SSL indicator the user sees during the financial transaction gives no warning.
“[It has] capability to hook to the following Network APIs to monitor network traffic: PR_OpenTcpSocket, PR_Write, PR_Close, PR_GetNameForIndentity, Closesocket, Connect, Send, WsaSend”
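As an added example (not from the article or from Trend Micro's report), here is a defender's check for the kind of API hooking the quote describes: compare the entry bytes of exports such as PR_Write and send as seen in process memory against the on-disk image, and flag entries whose first instruction redirects execution outside their own module. The module ranges, prologue bytes and injected-DLL address are constructed sample values.

```python
import struct

# APIs the Trend Micro write-up lists as hooked (Winsock names in their usual casing);
# used only to put these findings first in the report.
WATCHED_APIS = {"PR_OpenTcpSocket", "PR_Write", "PR_Close",
                "closesocket", "connect", "send", "WSASend"}

def decode_redirect(code: bytes, addr: int):
    """Resolve the two redirect patterns inline hooks usually plant at a
    function's entry: 'jmp rel32' (E9 ..) and 'push imm32; ret' (68 .. C3)."""
    if len(code) >= 5 and code[0] == 0xE9:
        return addr + 5 + struct.unpack_from("<i", code, 1)[0]
    if len(code) >= 6 and code[0] == 0x68 and code[5] == 0xC3:
        return struct.unpack_from("<I", code, 1)[0]
    return None

def check_export(name, addr, in_memory, on_disk, module_range):
    """Compare an export's first bytes in process memory with the on-disk image.
    'hooked' = entry redirected outside its own module (what a form-grabbing DLL
    does to PR_Write/send); 'patched' = bytes differ but no recognised redirect."""
    n = min(len(in_memory), len(on_disk))
    if in_memory[:n] == on_disk[:n]:
        return {"api": name, "status": "clean", "target": None}
    target = decode_redirect(in_memory, addr)
    lo, hi = module_range
    if target is not None and not lo <= target < hi:
        return {"api": name, "status": "hooked", "target": target}
    return {"api": name, "status": "patched", "target": target}

def scan(snapshot):
    """snapshot: list of (api, addr, in_memory, on_disk, module_range).
    Returns the non-clean findings, watched APIs first."""
    findings = [check_export(*entry) for entry in snapshot]
    findings = [f for f in findings if f["status"] != "clean"]
    return sorted(findings, key=lambda f: (f["api"] not in WATCHED_APIS, f["api"]))

# Constructed sample snapshot (not real captures): nss3.dll mapped at
# 0x10000000-0x10200000, ws2_32.dll at 0x71A00000-0x71A30000, injected DLL at 0x00A30000.
NSS_RANGE, WS2_RANGE = (0x10000000, 0x10200000), (0x71A00000, 0x71A30000)
CLEAN_PROLOGUE = bytes.fromhex("8bff558bec83ec10")   # mov edi,edi; push ebp; mov ebp,esp; ...
PR_WRITE_ADDR, INJECTED_STUB = 0x10041230, 0x00A31000
hooked_pr_write = b"\xe9" + struct.pack("<i", INJECTED_STUB - (PR_WRITE_ADDR + 5)) + CLEAN_PROLOGUE[5:]
hooked_send = b"\x68" + struct.pack("<I", INJECTED_STUB + 0x40) + b"\xc3\x90\x90"
SAMPLE_SNAPSHOT = [
    ("PR_Write", PR_WRITE_ADDR, hooked_pr_write, CLEAN_PROLOGUE, NSS_RANGE),
    ("PR_Close", 0x10041500, CLEAN_PROLOGUE, CLEAN_PROLOGUE, NSS_RANGE),
    ("send", 0x71A04F10, hooked_send, CLEAN_PROLOGUE, WS2_RANGE),
]

if __name__ == "__main__":
    for f in scan(SAMPLE_SNAPSHOT):
        print(f"{f['api']:<10} {f['status']:<8} target={f['target']}")
```

On a live system the in-memory bytes would come from reading the target process at each export's address and the on-disk bytes from the same module file mapped read-only; the comparison and classification stay the same.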
The malware does not target any particular region or country; rather, it is spreading throughout the world. The most affected regions are Europe, the Middle East and Africa, Germany among them.

Precautions To Take
We have notified our readers about such hacking activities a number of times, and we always recommend some basic steps to prevent them.

  • Users are advised NOT TO CLICK on any links in emails that land in your spam box.
  • Update your antivirus application on a regular basis.
  • Check the URL in the browser, and that the SSL connection is enabled, whenever a page asks for your credentials.
  • If an email claims to be from your bank, double-check before you click on anything in it.