by paganinip on August 3rd, 2014
Researchers at IBM discovered a new variant of the Citadel banking malware which includes a new interesting feature that allows attackers to maintain persistence in the victim’s machine through remote management tools.
Citadel is directly derived from the popular Zeus banking Trojan. In June 2013 Microsoft and the FBI carried out takedowns that eradicated more than 1,400 botnets (nearly 88% of all Citadel botnets) associated with this malware.
The new variant of Citadel detected by the experts is integrated with VNC and other remote management tools exploited by the attackers to remotely control victim machines, even after the malware has been detected and removed.
Microsoft® Windows Insider MVP - Windows Security
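The persistence described above is the detail a responder should act on: the remote-management tooling (VNC and similar) is a legitimate program, so removing the Citadel binary leaves the remote access in place. The following hunting script is an added example, not code from the article or from IBM; it enumerates the common Windows persistence points (services, Run keys, scheduled tasks) for binaries whose name or path looks like a VNC server and lists listeners in the default VNC port range. The name patterns and the port range are assumptions for illustration, not indicators published for this Citadel variant.

```powershell
# Added example: hunt for VNC / remote-management persistence that may outlive
# removal of the Citadel dropper. The $patterns list and the 5900-5999 port range
# are assumptions, not IOCs from the article.
$patterns = 'vnc', 'winvnc', 'tightvnc', 'ultravnc', 'tvnserver', 'uvnc'
$regex    = ($patterns -join '|')
$findings = @()

# 1. Services whose name or binary path matches a VNC-like pattern
Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -match $regex -or $_.Name -match $regex } |
    ForEach-Object {
        $findings += [pscustomobject]@{ Source = 'Service'; Name = $_.Name; Path = $_.PathName; State = $_.State }
    }

# 2. Run / RunOnce keys (machine, user and WOW6432Node views)
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($k in $runKeys) {
    if (Test-Path $k) {
        foreach ($p in (Get-ItemProperty -Path $k).PSObject.Properties) {
            # Skip the PS* metadata properties that Get-ItemProperty adds
            if ($p.Name -notlike 'PS*' -and "$($p.Value)" -match $regex) {
                $findings += [pscustomobject]@{ Source = "Run key $k"; Name = $p.Name; Path = $p.Value; State = '' }
            }
        }
    }
}

# 3. Scheduled tasks whose action executes a matching binary
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        if ("$($a.Execute)" -match $regex) {
            $findings += [pscustomobject]@{ Source = 'ScheduledTask'; Name = $task.TaskName; Path = $a.Execute; State = $task.State }
        }
    }
}

# 4. Anything listening in the default VNC port range, with its owning process
Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalPort -ge 5900 -and $_.LocalPort -le 5999 } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $findings += [pscustomobject]@{ Source = 'Listener'; Name = $proc.ProcessName; Path = $proc.Path; State = "port $($_.LocalPort)" }
    }

$findings | Format-Table -AutoSize
```

Run it from an elevated PowerShell 3.0 or later session on Windows 8 / Server 2012 or newer (Get-ScheduledTask and Get-NetTCPConnection are not available on older releases). A hit is a lead, not a verdict: legitimate help-desk VNC installs match too, so compare each result against the approved software inventory before removing it, and treat a VNC server that nobody deployed on a host that had Citadel as a sign that the host remains reachable by the attacker.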
The following article is an update on the Citadel Trojan
(Citadel malware becomes APT tool in newest hacking campaign)
Author: Zeljka Zorz, HNS Managing Editor / Posted on 16.09.2014
APT attackers wielding a newer, more dangerous version of the Citadel malware have been targeting a number of Middle Eastern petrochemical companies, Trusteer researchers have discovered.
The companies in question have been duly informed of the attacks, Dana Tamir, Director of Enterprise Security at Trusteer, has confirmed in a blog post. Among the targets are a supplier of raw petrochemical materials, as well as one of the largest sellers of petrochemical products in the region.
The attackers behind this particular campaign are still unknown.
"While the use of advanced malware that was originally built for financial theft as a generic advanced persistent threat (APT) tool is not new, this is the first time we’ve seen Citadel used to target nonfinancial organizations in a targeted/APT-style attack in order to potentially access corporate data, steal intellectual property or gain access to secured corporate resources, such as mail systems or remote access sites," she noted.
Help Net Security / full article here: http://www.net-security.org/malware_news.php?id=2866
The following article is an update
(Citadel Trojan Adds Keylogging to Arsenal) By Richard Adhikari
Cybercriminals are using a new version of the dangerous Citadel Trojan, which has been employed to attack the financial and petrochemical industries, to compromise password and authentication solutions, IBM Trusteer has reported.
The new version begins capturing keystrokes, or keylogging, when some processes are running.
It was discovered on a server that already had been infected when IBM Trusteer Apex was installed -- it's not clear how the machine became infected.