New, revamped Terdot Trojan [source: theregister]
by CIRT Team
Terdot, a banking Trojan that has been around since mid-2016, has been re-engineered with updated information- and credential-stealing capabilities as well as social media account monitoring functionality.
Built on the Zeus framework, whose source code was leaked in 2011, Terdot adds a number of techniques not previously seen in this family, such as leveraging open-source tools to spoof SSL certificates, antivirus firm BitDefender has reported. The malicious code also features a powerful man-in-the-middle proxy that filters all of the user's web traffic in search of sensitive information, which is then logged and exfiltrated.
This man-in-the-middle proxy also allows the banking Trojan to manipulate traffic on most social media and email platforms, and even to post on behalf of the infected user.
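The practitioner's check against an interception proxy of this kind is to compare the certificate a site actually presents on the suspect machine with a fingerprint recorded out of band on a clean host. Below is an added example of that comparison; it is not Terdot's code and not from the BitDefender report, and the host names and certificate bytes used are constructed for illustration. It uses only the Python standard library.

```python
"""Added example: out-of-band certificate pinning as a check against a
TLS-intercepting proxy that re-signs server certificates.  Not Terdot's
code and not from the BitDefender write-up; host names, ports and pin
values are constructed for illustration."""

import hashlib
import socket
import ssl


def fingerprint(leaf_der: bytes) -> str:
    """SHA-256 over the DER-encoded leaf certificate, hex encoded."""
    return hashlib.sha256(leaf_der).hexdigest()


def record_pins(observations: dict) -> dict:
    """Build a pin set from leaf certificates captured on a known-clean host.

    observations maps host -> list of DER leaf certificates.  A site may
    legitimately serve more than one leaf (rotation, multiple front ends),
    so each host gets a set of acceptable fingerprints.
    """
    return {host: {fingerprint(der) for der in ders}
            for host, ders in observations.items()}


def check_pin(host: str, leaf_der: bytes, pins: dict) -> tuple:
    """Compare the served leaf certificate against pins recorded out of band.

    Returns (verdict, fingerprint); verdict is 'ok', 'MISMATCH' or
    'unpinned'.  A MISMATCH on a host whose certificate has not rotated
    means something between this process and the server is terminating
    TLS and presenting its own certificate.
    """
    fp = fingerprint(leaf_der)
    expected = pins.get(host)
    if not expected:
        return ("unpinned", fp)
    return ("ok" if fp in expected else "MISMATCH", fp)


def fetch_leaf_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Fetch the DER-encoded leaf certificate a live server presents.

    Note: create_default_context() validates the chain against the OS
    trust store, so a proxy whose own root has been planted in that store
    passes validation here without error.  Only the pin comparison in
    check_pin() exposes it, which is the point of the example.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    import sys
    # Usage: python pincheck.py bank.example <pin-hex> [<pin-hex> ...]
    # where the pin values were produced by record_pins() on a clean host.
    target, *pin_values = sys.argv[1:]
    verdict, fp = check_pin(target, fetch_leaf_der(target),
                            {target: set(pin_values)})
    print(f"{target}: {verdict} ({fp})")
```

Two caveats apply. First, the reference pins must come from a host that is known to be clean; a pin recorded on the infected machine simply pins the proxy's spoofed certificate. Second, because Terdot hooks processes on the infected host, a check executed there may itself be tampered with, so a mismatch is strong evidence but a clean result is not proof of absence.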
Terdot uses sophisticated hooking and interception techniques, and features several capabilities to ensure it is not detected or removed. The combination makes cleanup extremely difficult, BitDefender warned.