Friday, January 22, 10:31

A brief look at the Citadel Banking Trojan

  • Citadel is a banking trojan that was first discovered in 2012. It is based on the Zeus trojan source code.
  • This trojan is designed to steal sensitive information including financial information and passwords.

Citadel is known for targeted attacks on public and private organizations. It steals credentials for various information management systems, steals money, and also infects systems with a range of malware. In fact, it is one of the first trojans to offer malware on the dark web.


The capabilities of Citadel

This trojan collects sensitive information using the man-in-the-browser (MiTB) technique, which involves injecting HTML or JavaScript into a website.

  • MiTB allows hackers to add extra fields to the site, such as fields for PINs or other sensitive data.
  • Users assume they are entering details on a legitimate site but fall victim to credential theft by this trojan.
  • The malware also has keylogging capabilities that can compromise passwords and authentication systems.
  • In some attacks, infected systems have been observed being turned into bots in a botnet.
  • Ransomware called Reveton was also used in some attacks; it claims that the FBI has locked the system and demands a ransom.
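
A defender-side illustration of the injected-field behaviour described above (an added example, not part of the original article): a server-side audit that compares the fields in a login POST with the fields the genuine form contains. The allowlist, the name hints and the sample request bodies are constructed for a hypothetical site.

```javascript
// Fields the genuine login form serves (assumed allowlist for a hypothetical site).
const EXPECTED_FIELDS = new Set(["username", "password", "csrf_token"]);

// Name fragments typical of extra secrets a webinject asks for (assumed heuristic list).
const SENSITIVE_HINTS = ["pin", "cvv", "card", "ssn", "mother", "atm", "otp"];

// Audit a raw application/x-www-form-urlencoded body against the allowlist.
function auditLoginPost(rawBody, expected = EXPECTED_FIELDS) {
  const counts = new Map();
  for (const [name] of new URLSearchParams(rawBody)) {
    const key = name.trim().toLowerCase();
    counts.set(key, (counts.get(key) || 0) + 1);
  }

  const unexpected = [];
  const duplicated = [];
  for (const [key, n] of counts) {
    if (!expected.has(key)) unexpected.push(key); // field the server never rendered
    else if (n > 1) duplicated.push(key);         // same field submitted twice
  }
  const missing = [...expected].filter((key) => !counts.has(key));

  // Unexpected fields whose names look like requests for additional secrets.
  const sensitive = unexpected.filter((key) =>
    SENSITIVE_HINTS.some((hint) => key.includes(hint))
  );

  let verdict = "ok";
  if (sensitive.length > 0) verdict = "likely-webinject";
  else if (unexpected.length || duplicated.length || missing.length) verdict = "review";

  return { verdict, unexpected, sensitive, duplicated, missing };
}

// Constructed sample bodies: a clean login and one carrying injected PIN and card fields.
const CLEAN_BODY = "username=alice&password=example&csrf_token=abc123";
const INJECTED_BODY = CLEAN_BODY + "&atm_pin=0000&card_number=4111111111111111";

console.log(auditLoginPost(CLEAN_BODY).verdict);    // ok
console.log(auditLoginPost(INJECTED_BODY).verdict); // likely-webinject
```

This check only sees fields that actually reach the server, so it complements endpoint and fraud controls and does not replace them.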

Attacks in the spotlight

Citadel and its variants are said to have infected millions of computers and caused huge financial losses.

January 2014: The 2013 Target breach was reported to be linked to the Citadel trojan.

February 2013: The NBC website was hacked and redirected visitors to the Citadel banking trojan. The site is said to have hosted an iframe that led visitors to sites hosting the malware-serving RedKit kit.

September 2014: Researchers found a variant of the trojan used in attacks against many petrochemical companies in the Middle East. This was probably the first time Citadel was used in targeted attacks against non-financial entities.

April 2016: A new malware named Atmos, a variant of Citadel, was discovered. Researchers noted that it had the same motivation as the Citadel trojan.

Citadel developers went to jail

Dimitry Belorossov was sentenced to four years and six months in prison for distributing and installing the Citadel trojan. Mark Vartanyan, who is accused of developing the Citadel trojan, received a five-year prison sentence.

