New, revamped Terdot Trojan [source: theregister]

19 Nov 2017

No Comments

1039

Terdot, a banking Trojan that has been around since mid-2016, has been re-engineered with updated information and credential thievery as well as social media account monitoring functionality.

Built on the Zeus framework, whose code was leaked in 2011, Terdot adds a number of novel techniques to the market, such as leveraging open-source tools for spoofing SSL certificates, antivirus firm BitDefender has reported. The malicious code also features a powerful man-in-the-middle proxy that filters the user’s entire web traffic in search of sensitive information that subsequently gets logged and exfiltrated.

This man-in-the-middle proxy also allows the banker Trojan to manipulate traffic on most social media and email platforms, and even post on the behalf of the infected user.

Terdot uses sophisticated hooking and interception techniques, and features several capabilities to ensure it is not detected or removed. The combination makes cleanup extremely difficult, BitDefender warned.

The Trojan is also predominately being distributed through websites compromised with the SunDown Exploit Kit, it added. The malware also spreads through booby-trapped emails with a bogus PDF icon button which, if selected, executes JavaScript code that downloads the malware.

For more, click here.