The threat landscape is constantly evolving, and security researchers have discovered new iterations of an old Trojan malware that had targeted banking institutions in the past.
Neverquest, an offshoot of the Gozi banking Trojan, has been found shifting its aim to social networking sites and gaming portals. It seems that the creators of the malware have worked hard to inject fake login fields into the websites the Trojan specifically targets, in order to harvest sensitive data including social security numbers, PINs and usernames. After that, the Web traffic history is automatically erased from the targeted website, thanks to a new feature of the malware that does just that.
In its heyday the Gozi Trojan was able to steal millions of dollars from victims who had unknowingly given their banking credentials to attackers. The newer version has pre-selected target Web forms that, when visited by a user whose computer is infected by the malware, activate the Trojan, which automatically initiates the malicious operation.
Hackers are selling the Neverquest malware, with the Neutrino exploit kit as the most popular vector in the black market. And with the addition of fresh capabilities to the Trojan, enabling it to alter Web traffic as it performs its malicious activity, Internet users must be wary about logging in to their favorite social networking sites such as Facebook, Twitter and LinkedIn, as well as game portals.
The Web-injects built into the Neverquest Trojan resemble those of other banking Trojans in that they are able to break into encryption and modify Web traffic. This exposes banking transactions to online fraud while a user is still in session, as the malware injects a fake login field into otherwise legitimate Web forms. Unsuspecting users are sure to fall for this malware.
Researchers also found that the malware’s new version has been in distribution for nearly a year now, indicating that it has expanded its reach among users of social media and online games worldwide. Besides the upgrades to the Trojan’s capabilities, the developers of the malware have also bolstered its list of targeted websites. These developers are reported to be from Russia, and their targets are mostly in the United States.
Recent reports recall that large banks such as JP Morgan have been victims of major data breaches and cyber attacks. According to researchers, the attacks commenced a few months ago. We can only take extra precautions when logging in to our bank’s website and social media accounts.
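One way a site operator can spot the injected fields described above is to compare the form a browser actually rendered against the fields the site serves. The sketch below is an added example, not code from the researchers or from any vendor; the baseline field names, the hint list and the sample DOM snapshot are constructed assumptions.

```python
from html.parser import HTMLParser

# Constructed baseline: fields the site's genuine login form serves (assumption).
EXPECTED_FIELDS = {"username", "password", "csrf_token"}
# Name fragments for the data the article says the injects harvest.
SENSITIVE_HINTS = ("ssn", "social", "pin")


class FormFieldCollector(HTMLParser):
    """Collect the name (or id) of every form control found inside <form> elements."""

    def __init__(self):
        super().__init__()
        self.in_form = 0
        self.fields = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.in_form += 1
        elif self.in_form and tag in ("input", "select", "textarea"):
            attr = dict(attrs)
            name = attr.get("name") or attr.get("id")
            if name:
                self.fields.append(name.lower())

    def handle_endtag(self, tag):
        if tag == "form" and self.in_form:
            self.in_form -= 1


def audit_form(rendered_html, expected=EXPECTED_FIELDS):
    """Return (unexpected, sensitive) field names found in a rendered DOM snapshot."""
    collector = FormFieldCollector()
    collector.feed(rendered_html)
    unexpected = sorted(set(collector.fields) - set(expected))
    sensitive = [f for f in unexpected if any(h in f for h in SENSITIVE_HINTS)]
    return unexpected, sensitive


# Constructed sample: a DOM snapshot reported back from a browser session.
RENDERED = """
<form action="/login" method="post">
  <input type="hidden" name="csrf_token" value="x">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="text" name="ssn_full">
  <input type="password" id="card_PIN">
</form>
"""

if __name__ == "__main__":
    print(audit_form(RENDERED))
```

Any field outside the baseline is worth an alert on a login page; the hint list only ranks the findings by the kind of data the article says is being collected.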