Number: IRCNE2014072255
Date: 2014-07-15
According to “computerworld”, a new Trojan program designed to steal log-in credentials and other financial information from online banking websites is being advertised to cybercriminal groups on the underground market.
The new malware is called Kronos, and based on a recent ad seen in a Russian cybercriminal forum it can steal credentials from browsing sessions in Internet Explorer, Mozilla Firefox and Google Chrome by using form-grabbing and HTML content injection techniques, said Etay Maor, a senior fraud prevention strategist at IBM subsidiary Trusteer, Friday in a blog post.
According to the ad, the new threat is compatible with content-injection scripts -- also known as Web injects -- developed for Zeus, a popular online banking Trojan that's no longer in development. This design decision is intended to allow cybercriminals who still use Zeus variants in their operations to easily switch to Kronos.
In addition to the information-theft capabilities, the new Trojan has a user-mode rootkit component for 32-bit and 64-bit Windows systems that can protect its processes from competing malware. Its creator also claims that Kronos can evade antivirus detection and sandbox environments typically used for malware analysis.
According to researchers from Kaspersky Lab, who have also seen the Kronos advertisements on several underground forums last week, the new online banking threat appears to be based on the source code of Carberp.
News of this new online banking malware threat comes after law enforcement agencies from several countries at the beginning of June worked with security vendors to shut down a financial fraud botnet based on a Zeus spin-off called Gameover.
On Friday, security researchers from CSIS Security Group in Denmark reported that the source code of yet another online banking Trojan called Tinba was leaked on underground forums.
- 2