Hesperbot trojan targets online banking users

ESET: 06 September, 2013 (Technical Article)
Advanced trojan focuses on online banking users in European and Asian countries, supported by credible-looking e-mail phishing campaigns

The ESET HQ malware research lab has uncovered a new and effective banking trojan which targets online banking users in Europe and Asia. Using very credible-looking spreading campaigns related to trustworthy organizations, it lures victims into actually running the malware. Several victims have already been robbed of financial assets because of this newly revealed threat. Based on data from LiveGrid – ESET’s cloud-based malware collection system – hundreds of infections have been detected in Turkey, and dozens in the Czech Republic, United Kingdom and Portugal. This very potent and sophisticated banking malware, dubbed Hesperbot, is spreading via phishing-like emails and also attempts to infect mobile devices running Android, Symbian and Blackberry.

Detected as Win32/Spy.Hesperbot, this threat features keylogger capabilities, can create desktop screenshots and video capture, and set up a remote proxy, but also includes some more advanced tricks, such as creating a hidden remote connection to the infected system. “Analysis of the threat revealed that we were dealing with a banking trojan, with similar functionality and identical goals to the infamous Zeus and SpyEye, but significant implementation differences indicated that this is a new malware family, not a variant of a previously known trojan,” says Robert Lipovsky, ESET malware researcher who leads the team analyzing this threat. “ESET products like ESET Smart Security and ESET Mobile Security protect against this malware,” he adds.

The attackers aim to obtain login credentials that give them access to the victim’s bank account, and to get victims to install a mobile component of the malware on their Symbian, Blackberry or Android phone.

The Czech malware campaign started on August 8, 2013. The perpetrators registered the domain www.ceskaposta.net, which is very close to the actual website of the Czech Postal Service. “It’s probably not surprising that the attackers tried to lure potential victims to open the malware by sending phish-like emails resembling parcel tracking information from the Postal Service. This technique has been used many times before,” says Lipovsky. The Czech Postal Service responded very quickly by issuing a warning about the scam on their website.

Nevertheless, the country most affected by this banking trojan is Turkey, with Hesperbot detections there dated even earlier than August 8. Recent peaks in botnet activity were observed in Turkey in July 2013, but ESET has also found older samples that go back at least to April 2013. The phishing e-mail that was sent to potential victims purported to be an invoice. A variant of the malware designed to target computer users in Portugal and the United Kingdom has also been found in the wild.
