A new ‘hybrid’ trojan that combines features of two past threats could have affected customers of several hundred financial institutions worldwide, researchers have claimed.
Anti-cybercrime tech developer Trusteer, part of IBM, found that the Zberp Trojan has been targeting more than 450 financial institutions around the world, mainly in the US, UK and Australia.
The new Trojan allows hackers to access the computer name, IP and other basic information of the infected system. It can take screen shots, steal data submitted in HTTP forms, user SSL certificates and FTP and POP account credentials, the researchers said.
The malware’s invisible persistence feature helps it to escape from the routine system scans that take place when the system boots.
The malware is suspected to have been developed using the leaked source codes of the previous malwares Zeus Trojan (Zbot), and Carberp Trojan.
Discovered in 2007, Zbot was developed to attack computers working on Windows OS to steal system information, online credentials, and banking details. It can also be customized to retrieve any other information by targeting configuration files.
The Trojan is reported to have been used to hack into the systems of Bank of America, Oracle, Amazon and Nasa among others.
Carberp, which came into limelight in 2010, is considered to be one of the worst threats to customer data ever detected. Its encryption layer bypasses anti-virus scanners, thus making it difficult to be detected.
The Zeus source code was leaked in 2011, and the Carberp source code was offered for sale in 2013.
Trusteer researchers Martin Korman and Tal Darsan told Security Intelligence, "Since the source code of the Carberp Trojan was leaked to the public, we had a theory that it won’t take cyber criminals too long to combine the Carberp source code with the Zeus code and create an evil monster.
"It was only a theory, but a few weeks ago we found samples of the ‘Andromeda’ botnet that were downloading the hybrid beast."
