Terdot, a banking Trojan that has been around since mid-2016, has been re-engineered with updated information- and credential-stealing capabilities as well as social media account monitoring.
Built on the Zeus framework, whose source code was leaked in 2011, Terdot adds several novel techniques, such as leveraging open-source tools to forge SSL certificates, antivirus firm BitDefender has reported. The malware also features a powerful man-in-the-middle proxy that filters the victim's entire web traffic in search of sensitive information, which is then logged and exfiltrated.
This man-in-the-middle proxy also allows the banker Trojan to manipulate traffic on most social media and email platforms, and even post on the behalf of the infected user.
Terdot uses sophisticated hooking and interception techniques, and features several capabilities to ensure it is not detected or removed. The combination makes cleanup extremely difficult, BitDefender warned.
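Traffic interception of this kind depends on inline hooks planted inside the browser process, and those hooks are one of the few things a defender can still check for on a box the Trojan is trying to hide on. The script below is an added example (not BitDefender's tooling or anything from the Terdot analysis): it compares each export's in-memory prologue with the on-disk copy of the same DLL and, where they differ, decodes the common x64 trampoline patterns to recover the hook's destination. The export names, addresses and byte strings are constructed for the demo; a real tool would read the prologues with ReadProcessMemory and account for relocations before diffing.

```python
"""Inline-hook detector: diff in-memory export prologues against the on-disk image.

Added example for a banking-Trojan article; the module names, addresses and
prologue bytes below are constructed, not captured from a real infection.
"""
import struct

MASK64 = 0xFFFFFFFFFFFFFFFF
JMP_REL32 = 0xE9            # jmp rel32 (5 bytes)
JMP_RIP_REL = b"\xff\x25"   # jmp [rip+disp32] (6 bytes)
PUSH_IMM32 = 0x68           # push imm32 ; ret (6 bytes)
MOV_RAX_IMM64 = b"\x48\xb8" # mov rax, imm64 (10 bytes) ...
JMP_RAX = b"\xff\xe0"       # ... jmp rax (2 bytes)


def hook_target(mem: bytes, func_addr: int):
    """Return (hook_kind, destination) if mem starts with a known trampoline.

    func_addr is the virtual address of mem[0]; it is needed to resolve
    RIP-relative encodings. Returns None when no pattern matches.
    """
    if len(mem) >= 5 and mem[0] == JMP_REL32:
        rel = struct.unpack_from("<i", mem, 1)[0]
        return ("jmp rel32", (func_addr + 5 + rel) & MASK64)
    if len(mem) >= 6 and mem[:2] == JMP_RIP_REL:
        disp = struct.unpack_from("<i", mem, 2)[0]
        # Only the address of the pointer slot is recoverable from a prologue
        # dump; the slot itself must be read separately.
        return ("jmp [rip+disp32]", (func_addr + 6 + disp) & MASK64)
    if len(mem) >= 6 and mem[0] == PUSH_IMM32 and mem[5] == 0xC3:
        return ("push/ret", struct.unpack_from("<I", mem, 1)[0])
    if len(mem) >= 12 and mem[:2] == MOV_RAX_IMM64 and mem[10:12] == JMP_RAX:
        return ("mov rax,imm64; jmp rax", struct.unpack_from("<Q", mem, 2)[0])
    return None


def find_hooks(on_disk: dict, in_memory: dict, func_addrs: dict) -> dict:
    """Map export name -> (hook_kind, destination) for every export whose
    in-memory prologue differs from the on-disk one.

    Exports that differ but match no trampoline pattern are reported as
    ("modified prologue", None) so unusual hooks are not silently dropped.
    """
    findings = {}
    for name, disk_bytes in on_disk.items():
        mem_bytes = in_memory.get(name)
        if mem_bytes is None or mem_bytes == disk_bytes:
            continue
        findings[name] = hook_target(mem_bytes, func_addrs[name]) or ("modified prologue", None)
    return findings


# --- constructed sample data (16-byte prologues of three ntdll-style stubs) ---
FUNC_ADDRS = {
    "NtWriteFile": 0x7FFE12345678,
    "NtCreateFile": 0x7FFE12345698,
    "NtClose": 0x7FFE123456B8,
}
# mov r10,rcx ; mov eax,N ; syscall ; ret ; nop padding
CLEAN_WRITE = bytes.fromhex("4c8bd1b8080000000f05c30f1f440000")
CLEAN_CREATE = bytes.fromhex("4c8bd1b8550000000f05c30f1f440000")
CLEAN_CLOSE = bytes.fromhex("4c8bd1b80f0000000f05c30f1f440000")

TRAMPOLINE_WRITE = 0x7FFE00001000  # assumed hook destination for NtWriteFile
TRAMPOLINE_CLOSE = 0x7FFE00002000  # assumed hook destination for NtClose

# NtWriteFile overwritten with a 5-byte relative jmp; trailing bytes untouched.
_rel = TRAMPOLINE_WRITE - (FUNC_ADDRS["NtWriteFile"] + 5)
HOOKED_WRITE = bytes([JMP_REL32]) + struct.pack("<i", _rel) + CLEAN_WRITE[5:]
# NtClose overwritten with the 12-byte absolute form.
HOOKED_CLOSE = MOV_RAX_IMM64 + struct.pack("<Q", TRAMPOLINE_CLOSE) + JMP_RAX + CLEAN_CLOSE[12:]

ON_DISK = {"NtWriteFile": CLEAN_WRITE, "NtCreateFile": CLEAN_CREATE, "NtClose": CLEAN_CLOSE}
IN_MEMORY = {"NtWriteFile": HOOKED_WRITE, "NtCreateFile": CLEAN_CREATE, "NtClose": HOOKED_CLOSE}


def demo() -> dict:
    """Run the detector over the constructed sample and return its findings."""
    return find_hooks(ON_DISK, IN_MEMORY, FUNC_ADDRS)


if __name__ == "__main__":
    for export, (kind, dest) in sorted(demo().items()):
        print(f"{export}: {kind}" + (f" -> {dest:#x}" if dest is not None else ""))
```

A byte-for-byte comparison is deliberately strict: a legitimate difference (relocations, a vendor's own sanctioned hook) shows up as a finding too, which is the right default when the goal is to decide whether a machine can be cleaned in place rather than rebuilt.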
In other banking Trojan news, miscreants have brewed up an entirely new strain of nasty called IcedID.
The malware targets banks, payment card providers, mobile services providers, payroll, webmail and e-commerce sites in the US. Two major banks in the UK are also on the target list the malware fetches, according to security researchers from IBM X-Force, which discovered the nasty.
In addition to its data-harvesting abilities, IcedID can also monitor victims' online activities. Despite being new and still in development, IcedID already has advanced features that rival those researchers have seen in older, more complex banking Trojans such as Dridex, Zeus and Gozi. ®