Hybrid Zberp Trojan targets bank users around the world
Posted on 27.05.2014
A new threat created by combining the publicly available code of two of the most (in)famous pieces of malware around is targeting users of over 450 financial institutions around the world, warn Trusteer researchers. Currently the most targeted are users in the US, Australia, and the UK.

The creators of Zberp - as the researchers dubbed the threat - have used the leaked source code of both the Zeus/Zbot and Carberp banking Trojans.

The Zeus/Zbot malware needs no introduction, as it's been the top banking Trojan for a few years now. The Carberp Trojan is a complex piece of malware that is capable not only of stealing sensitive information, but also of modifying a computer's hard drive's master boot record (MBR) in order to avoid being detected by antivirus software present on the targeted machine.

This new "hybrid beast" allows those who wield it to collect basic system information, take screenshots, and steal data submitted in HTTP forms, user SSL certificates, and FTP and POP account credentials. The malware is apparently also capable of performing Web injections, MITM and MITB attacks, and initiating remote desktop connections.

Its hybrid nature is best witnessed in the way it evades detection: by deleting and rewriting the registry key that allows it to persist on the system so that it wouldn't be spotted by AV solutions after the system is booted; by hiding its configuration code in an image file; by "hooking" into the browser to get control of it, but also to evade AV software; and by securing the communication channel through which it contacts its C&C.
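The first evasion trick above, a persistence key that is deleted and later rewritten, leaves a repeating pattern in registry audit telemetry. The following is an added example, not code from the article or from Trusteer: it counts delete-then-rewrite cycles on Run-key values. The log format, paths and file names are constructed, and matching on the same process for both operations is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample telemetry (not from the article). Fields: time,
# Sysmon-style EventType, writing process image, registry target.
SAMPLE_LOG = r"""
2014-05-27T08:00:40 DeleteValue C:\Users\a\AppData\Roaming\Ukyx\qema.exe HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\qema
2014-05-27T08:00:41 SetValue C:\Program\Vendor\updater.exe HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\VendorUpdater
2014-05-27T17:59:58 SetValue C:\Users\a\AppData\Roaming\Ukyx\qema.exe HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\qema
2014-05-28T08:00:39 DeleteValue C:\Users\a\AppData\Roaming\Ukyx\qema.exe HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\qema
2014-05-28T08:05:00 DeleteValue C:\Program\Vendor\app.exe HKU\S-1-5-21-1\Software\Vendor\App\LastFile
2014-05-28T08:05:01 SetValue C:\Program\Vendor\app.exe HKU\S-1-5-21-1\Software\Vendor\App\LastFile
2014-05-28T18:01:12 SetValue C:\Users\a\AppData\Roaming\Ukyx\qema.exe HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\qema
"""

# Matches a value directly under a Run or RunOnce autostart key.
RUN_VALUE = re.compile(r"\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)

def find_rewrite_cycles(log_text):
    """Return [(target, image, cycles)] for autorun values that the same
    process deleted and later wrote back."""
    deleted = set()            # (target, image) pairs awaiting a rewrite
    cycles = defaultdict(int)
    for line in log_text.strip().splitlines():
        parts = line.split(None, 3)
        if len(parts) != 4:
            continue           # skip malformed lines
        _ts, event, image, target = parts
        if not RUN_VALUE.search(target):
            continue           # only autostart locations are of interest
        key = (target.lower(), image.lower())
        if event == "DeleteValue":
            deleted.add(key)
        elif event == "SetValue" and key in deleted:
            deleted.discard(key)
            cycles[key] += 1   # one full delete -> rewrite cycle observed
    return sorted((t, i, n) for (t, i), n in cycles.items())

if __name__ == "__main__":
    for target, image, n in find_rewrite_cycles(SAMPLE_LOG):
        print(f"{n} delete/rewrite cycle(s): {target} by {image}")
```

A single cycle can be a legitimate reinstall; a value that cycles on every boot is the hunting lead, and it shows why a point-in-time scan of Run keys can miss an entry that registry change auditing records.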

This is not the first time that malware developers used Carberp's code to create a new threat - late last year, the first ever information-stealing Trojan targeting SAP enterprise software was also partly based on it.
