Researchers intercept dangerous new banking Trojan

Summary: Malware hunters have intercepted a new banker Trojan being used by cyber-criminals to steal financial credentials from banks in the United States.

Malware hunters at SecureWorks have intercepted a new banker Trojan being used by cyber-criminals to steal financial credentials from banks in the United States.

The Trojan, dubbed "Bugat," targets Automated Clearing House (ACH) and wire transfer transactions by small- and mid-sized businesses in the U.S., much like the virulent Clampi Trojan that has stolen tens of millions of dollars.

According to SecureWorks researcher Jason Milletary, the Bugat Trojan includes features commonly found in malware used to commit credential theft for financial fraud.

These include:

  • Internet Explorer (IE) and Firefox form grabbing
  • Scrape or modify HTML for targeted sites
  • Steal and delete IE, Firefox, and Flash cookies
  • Steal FTP and POP credentials
  • SOCKS proxy server (v4 and v5)
  • Browse and upload files from the infected computer
  • Download and execute programs
  • Upload list of running processes
  • Delete system files and reboot computer to render Windows unable to boot

The Trojan communicates with a remote command and control web server to receive commands and to exfiltrate stolen information.

As part of this process, the malware also receives a list of URL target strings used to monitor the victim’s web browser activity. These target strings indicate a strong interest in websites used for business banking and wire transfers. Bugat may also use HTTPS in an attempt to secure its command and control communications.

For more information on these types of attacks, see reporting by Brian Krebs on the WaPo SecurityFix blog.

Topics: Banking, Browser, Malware, Security

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
