CoreBot Evolves Into Highly Efficient Banker Trojan

According to IBM, its security researchers, during August 2015, discovered CoreBot in a fresh form with more advanced features while capturing banking credentials and related data from contaminated systems and culminating into highly efficient Trojan, published securityweek.com, September 11, 2015.

Earlier variants, IBM researchers found filched sensitive information only stored locally; however, the variants didn't access data or filch them within real-time. Nevertheless, security specialists noticed that there was one modular plug-in tool the Trojan used for letting the creators of CoreBot include more features with least effort.

The newer variants researchers analyzed comprise many features viz., form grabbing; browser hooking; MitM (man-in-the-middle) task when compromising browsing sessions; VNC (virtual network computing) system to takeover control remotely; customizing injection into the web as well as making web-injections that would be on-the-fly.

Evidently, CoreBot has developed from a mere hijacking malware to one wholly banking malware in a short time. IBM has found that the Trojan's creators had been meticulously, over-time, evolving and checking the malware's latest features.

IBM points out that there are 55 URLs in CoreBot that trigger its action. These URLs bridge with Internet-banking facilities inside UK, Canada and US.

Originally, CoreBot used to steal Web-surfers' passwords, but now it has changed over to seizing victims' login details while employs socially engineered tactics for luring victims into giving away important information. As victim's browser session gets validated the malware's operator subsequently gets the signal to prepare attack. However, the hacker prepares to access the Internet, disrupt and finally compromise victim's banking session when wait screen is flashed on the victim's computer to make him pause.

IBM explains that the fraudster then utilizes session cookie for mingling with the victim's web session while gains control over it for starting a transaction alternatively altering the existing transfer's key factors. Eventually, the money would go into the fraudster-controlled account, the researchers highlight. ZDNet.com reported this, September 11, 2015.

IBM says, whilst CoreBot isn't so pervasive like other popular banker malware, particularly Zeus, it'll be soon when the malware will be used in targeted scams, with even more features added to it.

» SPAMfighter News - 9/24/2015