Updated version of Terdot trojan emerged
Terdot, a variant of the infamous Zeus trojan first spotted in mid-2016, is back. Although it started as a banking trojan, it has returned with a new strategy: it has been observed stealing social media and email data, a feature that makes it stand out from other cyber threats.
The recently emerged updated version of Terdot is designed to steal information from Facebook, Twitter, Google Plus and YouTube. The malware might also use these social networks to spread further by posting malicious links that download the malware onto other devices.
However, it is interesting that it does not target VKontakte, the biggest social media platform in Russia. This suggests that the authors of the malware may be located in Russia or Eastern Europe.
Additionally, this threat may monitor email activity: the malware has been reported to target email services such as the Microsoft live.com login page, Yahoo Mail, and Gmail.
The features of the Terdot virus
Terdot started as a banking trojan that used man-in-the-middle attacks to compromise websites and steal victims' credentials. The banking malware mostly targeted Canada, the United States, the United Kingdom, Germany, and Australia. Among the targeted institutions were:
- Royal Bank,
- Toronto Dominion Bank,
- Banque Nationale,
- Scotiabank,
- CIBC,
- Tangerine Bank.
The trojan also injects itself into web browser processes, mostly targeting Mozilla Firefox and Internet Explorer. Once it has settled in a browser and injected its malicious code, it begins tracking data in order to steal sensitive information. All stolen data is sent to the command-and-control server.
The complexity of the trojan may signal a new era of data-stealing trojans
Security experts warn that the Terdot malware has an automatic update feature that allows its developers to execute new tasks using the same trojan. This means the program can be updated at any time and become more destructive.
Financial institutions and banks are advised to improve the monitoring of customer accounts in order to spot suspicious or unusual activity that might be caused by cyber criminals. Banking trojans can steal credentials silently and empty bank accounts without being noticed.
To protect customers from losing their money, targeted companies should provide the information and support needed to help people avoid financial loss.
The trojan uses a two-vector attack, sending phishing emails and using a man-in-the-middle proxy. Companies should therefore deploy a multi-vector detection solution to increase security, while users should not only check websites for fake security certificates but also learn how to detect phishing emails.
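As an added example (not code from the original article or from any Terdot analysis), a defender-side check in Go for the man-in-the-middle indicator described above: a site certificate that is self-signed, or whose issuer is not the CA the bank normally uses. The hostname, the expected issuer name and the forged certificate are constructed test data.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// InspectLeaf lists the indicators that the certificate a bank site presented
// was minted by a local interception proxy rather than by the site's real CA.
// expectedIssuerCN is an assumed value recorded from a known-good connection.
func InspectLeaf(cert *x509.Certificate, expectedIssuerCN string) []string {
	var findings []string
	// Self-signed leaf: the certificate's own public key verifies its signature,
	// which a certificate issued by a public CA never does.
	if cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature) == nil {
		findings = append(findings, "leaf certificate is self-signed")
	}
	// Issuer drift: the chain no longer ends at the CA seen on previous visits.
	if cert.Issuer.CommonName != expectedIssuerCN {
		findings = append(findings, "issuer "+cert.Issuer.CommonName+" is not the expected "+expectedIssuerCN)
	}
	return findings
}

// NewForgedLeaf returns constructed test data: a self-signed certificate for
// hostname, of the kind an intercepting proxy generates on the fly.
func NewForgedLeaf(hostname string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: hostname},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(48 * time.Hour),
	}
	// The template doubles as its own parent, so the issuer is the subject itself.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}
```

In practice the certificate to inspect comes from `tls.ConnectionState().PeerCertificates[0]` after connecting to the bank site, and the expected issuer is pinned from a connection made on a known-clean machine.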