Posted on November 20, 2017 at 11:03 AM
Security researchers have called this new Trojan one of the most powerful cyber espionage tools.
The security research team at the security firm Bitdefender has confirmed that it has identified a malicious new Trojan capable of compromising users’ banking information. The Trojan, called Terdot, was discovered in June 2016 and appears to be based on the earlier Zeus Trojan. Terdot operates by injecting malicious HTML code into the web pages the victim visits. That injected code, in turn, lets the Trojan carry out man-in-the-middle (MitM) attacks to harvest the victim’s banking and credit card data.
However, what is perhaps more troubling, according to Bitdefender, is the Trojan’s ability to obtain the victim’s login credentials for several social media platforms, including Facebook, Twitter, and Google Plus. The Trojan has also been observed targeting Yahoo users’ login credentials. Notably, Terdot’s logic prevents it from targeting login credentials for the Russian social media website vk.com.
In addition to its stealthy gathering of login and banking information, Terdot has another notable feature: it can automatically modify and update its own code. This enables it to download and run any file as soon as it is commanded to by the attacker. This automatic updating means that Terdot could potentially evade anti-virus and anti-malware software.
According to Bitdefender’s report, Terdot is based on the Zeus Trojan. Terdot’s main goal appears to be harvesting login credentials for social media platforms as well as popular email services. This focus, together with its automated updates, could make Terdot one of the most powerful cyber espionage tools to date, as it is very difficult to detect and remove.
According to Bitdefender, Terdot infects devices after the targeted user receives an email carrying a malicious PDF attachment.
The earlier, highly damaging Zeus Trojan has served as the basis for several other Trojans. Just a few weeks ago, the research team at Cisco Talos discovered that a group of attackers was abusing Google’s search results to infect devices with a powerful banking Trojan called Zeus Panda. Zeus Panda appeared to be aimed mainly at financial institutions based in India and the Middle East.
Terdot, by contrast, appears to target financial institutions based in the US, UK, and Australia.
The security researchers have yet to determine Terdot’s country of origin. However, since the Russian vk.com platform appears to be exempt from Terdot’s targeting, some have suggested that Terdot may have originated in Russia.
According to Balbix’s VP of product and design, Manoj Asnani, Terdot could pose a significant problem for large organizations and companies.
According to Asnani, Terdot uses two techniques to infect victims: the MitM attack and a phishing campaign. While some companies have sufficient cybersecurity measures in place to protect their systems against Terdot, the overwhelming majority of companies are only equipped to defend against a single attack method. To protect themselves against Terdot, companies need to change their security protocols to be multi-vector focused; this will allow them to detect more subtle threats such as Terdot.