Security researchers have discovered a new, more sophisticated variant of the notorious Terdot banking trojan that steals far more than bank account information.
Terdot has been around since mid-2016 and was originally built as a man-in-the-middle (MITM) proxy: it intercepted the victim's browsing traffic to steal stored credit card details and login credentials and to inject HTML into the web pages the victim visited.
Bitdefender researchers have now found that the trojan has gained new capabilities, including the use of repurposed open-source tools to forge SSL/TLS certificates on the fly, which lets it take over the victim's social media and e-mail accounts and even post on the infected user's behalf.
Terdot does this through a highly customized MITM proxy that lets the malware intercept all web traffic on the infected computer.
The new version also includes an automatic update feature that lets the operator download and execute arbitrary files on the infected host as needed.
Historically, Terdot has targeted several Canadian institutions, including Royal Bank, National Bank, PC Financial, Desjardins, BMO (Bank of Montreal) and Scotiabank.
This trojan can steal your Facebook, Twitter and Gmail accounts
According to the latest analysis, Terdot now also targets social networks such as Facebook, Twitter, Google Plus and YouTube, and e-mail providers including Gmail, Microsoft's live.com and Yahoo Mail.
Notably, the malware avoids collecting data from VKontakte (vk.com), Russia's largest social network, according to Bitdefender. This suggests that the actors behind the new variant are based in Eastern Europe.
Terdot is mainly distributed through websites compromised with the Sundown exploit kit, but researchers have also seen it delivered in e-mail messages carrying a button disguised as a PDF icon.
Once on the machine, the trojan injects itself into the browser process in order to redirect connections through its own local proxy, where it reads the traffic and injects content. It steals credentials both by inspecting the victim's outgoing requests and by injecting malicious code into the server's responses.
TLS (Transport Layer Security) would normally stop this kind of interception, so Terdot generates its own certificate authority (CA) and mints a certificate for every domain the victim visits. Because that CA is trusted on the infected host, the browser accepts the forged certificates without raising a warning.
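The certificate trick described in the two paragraphs above, reproduced with openssl as an added example (this is not the trojan's code and not material from Bitdefender's report): a throwaway CA, a leaf certificate minted for a constructed bank hostname, and the difference between a host that trusts that CA and one that does not, followed by the issuer check a defender would run. The hostname, the CA name and the allow-list of public CA names in the last function are all constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the article or from Terdot itself: reproduce the
# per-victim CA / per-domain certificate trick with openssl, then run the check
# a defender would use. All names below are constructed.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# 1. The interceptor's own certificate authority, generated once per victim.
make_rogue_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" \
        -subj "/CN=Constructed Rogue Root CA" >/dev/null 2>&1
}

# 2. A leaf certificate minted on the fly for whatever domain the victim visits,
#    signed by the rogue CA. $1 is the hostname.
mint_leaf() {
    openssl req -newkey rsa:2048 -nodes -keyout "$WORK/$1.key" \
        -out "$WORK/$1.csr" -subj "/CN=$1" >/dev/null 2>&1
    printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\n' "$1" > "$WORK/$1.ext"
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
        -CAcreateserial -days 7 -extfile "$WORK/$1.ext" \
        -out "$WORK/$1.pem" >/dev/null 2>&1
}

# 3a. What the browser on the infected host sees: the rogue CA is trusted, so the
#     per-domain certificate validates and no TLS warning appears.
verify_with_rogue_trusted() {
    openssl verify -CAfile "$WORK/ca.pem" "$WORK/$1.pem" >/dev/null 2>&1
}

# 3b. What a clean host sees: only the system trust store is consulted and the
#     same certificate is rejected.
verify_with_system_store() {
    openssl verify "$WORK/$1.pem" >/dev/null 2>&1
}

# 4. Defender's check: who issued the certificate the browser received? A bank's
#    real certificate comes from a public CA; an issuer nobody recognises is a
#    strong sign of local TLS interception. The sed handles both the
#    "issuer=CN = X" and the older "issuer= /CN=X" output formats.
leaf_issuer_cn() {
    openssl x509 -in "$WORK/$1.pem" -noout -issuer | sed -n 's/.*CN *= *//p'
}

# Constructed allow-list of issuer names; a real deployment would pin the exact
# issuers seen for each monitored domain instead.
issuer_is_suspicious() {
    case "$(leaf_issuer_cn "$1")" in
        "DigiCert"*|"Entrust"*|"GlobalSign"*|"Sectigo"*) return 1 ;;
        *) return 0 ;;
    esac
}

DOMAIN="www.example-bank.test"   # constructed hostname, not a real bank
make_rogue_ca
mint_leaf "$DOMAIN"
verify_with_rogue_trusted "$DOMAIN" && echo "infected host: chain validates, no warning"
verify_with_system_store "$DOMAIN" || echo "clean host: certificate rejected"
issuer_is_suspicious "$DOMAIN" && echo "issuer '$(leaf_issuer_cn "$DOMAIN")' is not an expected public CA"
```

Run it as-is in a POSIX shell with openssl installed. The point of the two verify functions is that TLS itself is not broken here: the chain is cryptographically valid, it just terminates at a root the victim should never have trusted. On a Windows host the corresponding triage is to review the trusted root stores (machine and per-user) for certificates you cannot account for.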
Any data the victim exchanges with a bank or social network can be read and altered by Terdot in real time. The trojan can also spread itself by posting fake links from the victim's own social media accounts.
"Terdot is a complex piece of malware built on the legacy of Zeus," Bitdefender said. "Its focus on harvesting credentials for other services, such as social networks and e-mail services, can make it an extremely powerful spyware tool that is extremely difficult to detect and clean."
Bitdefender has been tracking the new Terdot variant since it resurfaced in October. For more details on the threat, see the technical whitepaper (PDF) published by the company.