
Ransom malware merged with bank Trojan in new attack

Fraudsters combine 'Reveton' with Zeus successor Citadel

Adding injury to insult, fraudsters have merged the phenomenon of ransom Trojans with banking malware, producing a hybrid that demands money before attempting to steal user logins.

Noticed by several security firms since the turn of the year, the web drive-by Reveton Trojan tries to coax victims into handing over payments of up to $100 with the warning that they have been found accessing violent and child porn content by the US Department of Justice.

After locking up the PC to gain the user's attention (the sophistication of this is unclear), the malware demands payment using cash transfer services that vary according to the geography of the victim's IP address.

So far the Trojan behaves like one of a growing number of ransom Trojans that have spread across the Internet in the last year, almost certainly the work of the same small family of Russian gangs, according to a recent Trend Micro analysis.

Although not a new Trojan, Reveton's latest sting in the tail is that it now deploys the Citadel banking Trojan as a follow-up attack. A development of the notorious Zeus Trojan that ran amok across online bank websites in 2010, Citadel normally steals logins using man-in-the-browser and key-logging, but can also pilfer corporate logins if configured to do so.

"It is clear from this and similar attacks we have discovered recently that financial malware has achieved a technological level of sophistication which enables it to be used to carry out virtually any type of cyber-attack," said Amit Klein of browser security firm Trusteer.

Just as security defences are becoming more layered, so attackers are adopting the same design principle, combining different attacks into hybrids that can be varied by geography or the type of victim.

"Through a combination of social engineering, data capturing and communication tampering these attacks are being used by criminals to target applications, systems and networks belonging to financial institutions, enterprises, and government agencies," said Klein.

The primary ransom attack has been detected by Microsoft as Trojan:Win32/Reveton.A since February. The malware's fusion with the Citadel Trojan, noticed by Trusteer, appears more recent.

