ESET researchers have spotted a new malware-spreading campaign targeting online banking users in Turkey, the Czech Republic, Portugal and the United Kingdom. It uses phishing lures related to trustworthy organizations to infect users' machines.
Based on ESET's analysis, the new banking Trojan, Hesperbot, has functionality similar to the notorious Zeus and SpyEye. However, this is a new malware family and not a variant of a previously known Trojan. Like most banking Trojans, Win32.Hesperbot offers keystroke logging, screenshot and video capture, creation of a hidden VNC server on the infected system, network traffic interception and HTML injection.
According to the ESET blog: “The Trojan aims at obtaining login credentials giving access to the victim’s bank account and to get them to install a mobile component of the malware on their Symbian, Blackberry or Android phone.”
“The domain was registered on August 7, 2013 and the first malware Hesperbot binaries (detected as Win32/Agent.UXO at first) distributed in the Czech Republic were compiled on the morning of August 8, 2013 and picked up by our LiveGrid® system moments later.”
“The configuration files used by the malware’s HTTP interception and injection module specify which online banking websites are to be targeted by each botnet.”
The reality of such an infection will be known only over time. It has been a while since anything major broke, and we hope this is not the beginning.
Technical details can be found on the ESET blog.