Anyone hoping to see the end of Trojan variants built on Zeus is in for a disappointment: security researchers from Trusteer, an IBM subsidiary, have spotted new malware that steals log-in credentials and online banking information being advertised on a black market forum.
Kronos is designed to target browsing sessions in Internet Explorer, Mozilla Firefox and Google Chrome and to steal users' log-in details, according to the ad on the Russian cybercriminal forum. The ad further explains that the banking Trojan uses form-grabbing, HTML content injection and Web injects for the theft.
Web injection was a popular technique among the cyber criminals who used the Zeus Trojan at the height of its popularity, before it was busted by authorities and its development was stunted.
Accordingly, cyber criminals using Zeus variants in the wild can transition smoothly to the Kronos Trojan. And while the malware steals browsing session information, Kronos also works to defeat other malware on a computer system by means of its user-mode rootkit for 32-bit and 64-bit Windows. As it performs its malicious activity, Kronos also evades detection by anti-malware tools and sandbox security systems, according to its developer.
However, some security experts say that claim should be taken with a grain of salt. To say that the Trojan can evade sandbox environments is like trying to deduce the ocean from a single droplet of it. Sandbox systems comprise a large variety of security methods, each with its own way of catching even the most evasive virus. It is also highly unlikely that a single Trojan such as Kronos, which has not yet been analyzed, could bypass all sandboxes. And for that to be believable, it would have to be sold for a princely sum that perhaps not all cybercriminals could afford, which is not the case for Kronos.
Currently, the creator of Kronos is selling the malware for $7,000, inclusive of development services, upgrades and fixes. The price dwarfs that of other malware, which sells for only hundreds of dollars. But if the developer's claims are true, then the price is reasonable.
However, the security community and hacker groups alike have yet to verify whether the Kronos Trojan lives up to the publicity from its creator, who developed the malware using the source code of another popular but now defunct Trojan, Carberp.