Security researchers have discovered a brand-new, sophisticated form of malware based on the notorious Zeus banking Trojan in which steals more than just bank account details.
Dubbed Terdot, the banking Trojan has been around since mid-2016 along with was initially designed to operate as a proxy to conduct man-in-the-middle (MitM) attacks, steal browsing information such as stored credit card information along with login credentials along with injecting HTML code into visited web pages.
However, researchers at security firm Bitdefender have discovered in which the banking Trojan has today been revamped with brand-new espionage capabilities such as leveraging open-source tools for spoofing SSL certificates in order to gain access to social media along with email accounts along with even post on behalf of the infected user.
Terdot banking trojan does This kind of by using a highly customized man-in-the-middle (MITM) proxy in which allows the malware to intercept any traffic on an infected computer.
Besides This kind of, the brand-new variant of Terdot has even added automatic update capabilities in which allow the malware to download along with execute files as requested by its operator.
Usually, Terdot targeted banking websites of numerous Canadian institutions such as Royal Bank, Banque Nationale, PCFinancial, Desjardins, BMO (Bank of Montreal) along with Scotiabank among others.
This kind of Trojan Can Steal Your Facebook, Twitter along with Gmail accounts
However, according to the latest analysis, Terdot can target social media networks including Facebook, Twitter, Google Plus, along with YouTube, along with email service providers including Google’s Gmail, Microsoft’s live.com, along with Yahoo Mail.
Interestingly, the malware avoids gathering data related to Russian largest social media platform VKontakte (vk.com), Bitdefender noted. This kind of suggests Eastern European actors may be behind the brand-new variant.
The banking Trojan will be mostly being distributed through websites compromised with the SunDown Exploit Kit, however researchers also observed the item arriving in a malicious email that has a fake PDF icon button.
Terdot can also bypass restrictions imposed by TLS (Transport Layer Security) by generating its own Certificate Authority (CA) along with generating certificates for every domain the victim visits.
Any data in which victims send to a bank or social media account could then be intercepted along with modified by Terdot in real-time, which could also allow the item to spread itself by posting fake links to various other social media accounts.
“Terdot will be a complex malware, building upon the legacy of Zeus,” Bitdefender concluded. “Its focus on harvesting credentials for various other services such as social networks along with email services could turn the item into an extremely powerful cyber espionage tool in which will be extremely difficult to spot along with clean.”
Bitdefender has been tracking the brand-new variant of Terdot banking Trojan ever since the item resurfaced in October last year. For more details on the brand-new threat, you can head on to a technical paper (PDF) published by the security firm.