Once again attackers are using sophisticated malware to infect victims' systems and steal financial data. Security researchers at the anti-virus company Trend Micro have found a new malware variant that not only steals information from the victim's system but is also able to sniff network traffic.
Users who click a link in a spam email download a tool, which in turn downloads its component files, including a configuration file and a .DLL file. The configuration file contains information about the banks targeted by the malware, while the .DLL file is responsible for intercepting and logging outgoing network traffic.
Joie Salvio, security researcher at Trend Micro, says the .DLL file is injected into all processes on the system, including the web browser, and then "this malicious DLL compares the accessed site with the strings contained in the previously downloaded configuration file. If strings match, the malware assembles the information by getting the URL accessed and the data sent."
Bypassing the SSL connection
Furthermore, the malware is also able to bypass secure HTTPS connections, which is more dangerous for users because the SSL indicator in the browser no longer tells them anything during a financial transaction: the hooked functions run inside the browser process and receive the request data before the browser encrypts it, so the connection itself still looks secure while the data has already been copied.
Trend Micro lists the functions the DLL hooks: "[It has] capability to hook to the following Network APIs to monitor network traffic: PR_OpenTcpSocket, PR_Write, PR_Close, PR_GetNameForIdentity, Closesocket, Connect, Send, WsaSend." The PR_* functions are the NSPR/NSS networking calls used by Firefox; the others are the Winsock calls used by Internet Explorer and other Windows applications.
The malware is not targeting any particular region or country; it is spreading throughout the world. The most affected region is Europe, the Middle East and Africa, with Germany the hardest hit.
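The two pieces above (the string match against the downloaded configuration, and the hook on the browser's write function so that data is seen before TLS encrypts it) fit together as a single interception routine. The following is an added, portable C illustration of that pattern, not code from the page or from Trend Micro's analysis: instead of patching a real DLL it replaces a function pointer in a small stand-in import table, and the names (net_api, real_write, hooked_write, the "examplebank.test" target strings and the sample request) are all constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a browser's network write routine such as NSPR's
   PR_Write(fd, buf, amount). In a browser that function receives the request
   in plaintext; the TLS layer encrypts it afterwards. Names are assumptions. */
typedef int (*write_fn)(void *fd, const void *buf, int amount);

/* A one-entry "import table": the slot the application calls through. */
struct net_api {
    write_fn write;
};

/* The legitimate implementation. Here it only reports the bytes as written. */
static int real_write(void *fd, const void *buf, int amount)
{
    (void)fd; (void)buf;
    return amount;
}

/* Target strings, standing in for the downloaded configuration file
   (constructed for this example, not from any real sample). */
static const char *g_targets[] = { "examplebank.test", "secure-login.example" };
#define N_TARGETS (sizeof g_targets / sizeof g_targets[0])

static write_fn g_original_write;   /* saved so the hook can chain to it   */
static char     g_captured[2048];   /* last matched target + request data  */
static int      g_capture_count;

/* The hook: inspect the plaintext, log it if the site is on the list,
   then hand the data on unchanged. */
static int hooked_write(void *fd, const void *buf, int amount)
{
    char tmp[2048];
    size_t n = amount > 0 ? (size_t)amount : 0;
    if (n >= sizeof tmp)
        n = sizeof tmp - 1;
    memcpy(tmp, buf, n);
    tmp[n] = '\0';  /* buf is not NUL-terminated; bound the search ourselves */

    for (size_t i = 0; i < N_TARGETS; i++) {
        if (strstr(tmp, g_targets[i]) != NULL) {
            /* "assembles the information by getting the URL accessed and the
               data sent": the request line, Host header and body are all here */
            snprintf(g_captured, sizeof g_captured, "[%s] %s", g_targets[i], tmp);
            g_capture_count++;
            break;
        }
    }
    /* Same return value, same bytes: the browser notices nothing and TLS
       encrypts the request as usual, so the padlock stays green. */
    return g_original_write(fd, buf, amount);
}

/* Install the hook by swapping the pointer in the table. */
void install_hook(struct net_api *api)
{
    g_original_write = api->write;
    api->write = hooked_write;
}

/* Application side: what a browser does when it submits a login form. */
int send_request(struct net_api *api, const char *request)
{
    return api->write(NULL, request, (int)strlen(request));
}

int capture_count(void) { return g_capture_count; }
const char *last_capture(void) { return g_captured; }

int main(void)
{
    struct net_api api = { real_write };
    install_hook(&api);
    send_request(&api, "POST /login HTTP/1.1\r\nHost: examplebank.test\r\n\r\n"
                       "user=alice&pass=hunter2");
    send_request(&api, "GET / HTTP/1.1\r\nHost: news.example\r\n\r\n");
    printf("%d capture(s); last: %s\n", capture_count(), last_capture());
    return 0;
}
```

The point of the example is the position of the hook, not the pointer swap itself: because the logging happens in the same process, before encryption, no amount of checking the address bar or the certificate on the wire would reveal it. Detection has to look inside the process (unexpected modules loaded into the browser, patched import tables or inline hooks on exactly the functions listed above) rather than at the network.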
Precautions To Take
We have warned our readers about such hacking activities a number of times and always recommend a few basic steps to prevent them.
- Do NOT click on links in emails that land in your spam folder.
- Update your antivirus software regularly.
- Whenever a page asks for your credentials, check the URL in the browser and make sure the connection uses SSL. Keep in mind that this guards against fake sites, not against malware already injected into your browser like the one described here, which is why the first two steps matter most.
- If an email claims to come from your bank, double check before clicking anything in it.