Chthonic: a New Modification of ZeuS

  • 18 December 2014

By Yury Namestnikov, Vladimir Kuskov, Oleg Kupreev on December 18, 2014
In the fall of 2014, we discovered a new banking Trojan, which caught our attention for two reasons:
  • First, it is interesting from the technical viewpoint, because it uses a new technique for loading modules.
  • Second, an analysis of its configuration files has shown that the malware targets a large number of online-banking systems: over 150 different banks and 20 payment systems in 15 countries. Banks in the UK, Spain, the US, Russia, Japan and Italy make up the majority of its potential targets.
Kaspersky Lab products detect the new banking malware as Trojan-Banker.Win32.Chthonic.
The Trojan is apparently an evolution of ZeusVM, although it has undergone a number of significant changes. Chthonic uses the same encryptor as Andromeda bots, the same encryption scheme as Zeus AES and Zeus V2 Trojans, and a virtual machine similar to that used in ZeusVM and KINS malware.
Full Article

Reply:

The following article is an update:

Chthonic Trojan Targets Online Banking Systems in 15 Countries

By Eduard Kovacs on December 19, 2014
A new banking Trojan that appears to be an evolved version of the notorious Zeus has been analyzed by researchers at Kaspersky Lab.
According to the security firm, the threat, dubbed Chthonic, borrows some techniques from other pieces of malware, but it also uses some new mechanisms. Detected by Kaspersky as Trojan-Banker.Win32.Chthonic, the Trojan has been used to target a large number of financial organizations in several countries.
Cybercriminals have been distributing Chthonic with the aid of emails carrying malicious documents, and by directly downloading the threat to victim devices using the Andromeda bot. It's worth noting that the Trojan uses the same encryptor as Andromeda.
In the first phase of the attack, a Trojan downloader, which is based on Andromeda source code, is planted on the victim machine. The downloader contains a configuration file that is encrypted using techniques previously seen in KINS and ZeusVM.

Full Article