Banking Trojan

The banking malware was known to have first appeared in 2016. In fact there was an article written about it within our blog: https://www.izoologic.com/2016/07/26/evolving-banking-malware-and-transaction-authentication/
As you can see the malware has evolved once more, but it isn’t new because the malware is customizable to give its evolution. The latest update on the Malware is to steal the browser and password history of its victims.

This banking malware is the latest trickbot variant that delivered its payload this October via a harmful Excel document. It is the same as majority of malware, the method is to spread via macros where the fake document will inform the user that the document was made in an earlier version of Excel. Once the user agrees to enable content the malware will tun VBS code which downloads additional malware.

The name of the payload is identified as “pointer.exe” which is the TrickBot itself. The bad thing is it persistently install itself to the Task Scheduler so that it can automatically run every time the machine is operational.

After for quite some time the malware will download an additional module called pwgrab32. The name of the module is a giveaway that it actually does steal victims’ password information from the infected system.

Which applications are affected by the pwgrab32 module?

  • Outlook
  • WinSCP
  • Filezilla

Wait there is more!

The Trickbot also sniffs data from internet browsers targeting usernames and passwords, cookies, browsing history, autofill and HTTP posts. That’s right all of the said information can be exploited by the attacker. The following browsers it works on are:

  • Google Chrome
  • Mozilla Firefox
  • Internet Explorer
  • Microsoft Edge

With the above effects/payload being said, the Trickbot is indeed a powerful tool due to its feature that can steal credentials from across the web. Victims will be at risk of identity fraud which is highly susceptible of theft on more than affect their bank credentials.

Authors of the malware updates the banking Trojans as long as they can in order to ensure that the definitions of the malware continues to stay undetected from malware scanners. A security software that protects the whole system nonstop can go a long way in protecting one from the banking Trojan trying to infect a system – as can education against social engineering on how to spot and avoid suspicious emails and similar methods which deliver this type of threat.

About the author

Leave a Reply

Categories