Various digital threats are now surfacing from different parts of the world. With the outbreak of COVID-19, a descendant of the notorious Zeus banking Trojan, called Silent Night, is growing in popularity on the dark web. As a result, many campaigns are distributing the Trojan through COVID-19 themed spam and the RIG exploit kit.
The Trojan Timeline
- Multiple variants of the Terdot Zbot/Zloader category have been developed and released, since the source code of the Zeus banking Trojan was leaked in 2011.
- In the last few months, Zeus Sphinx, another variant of the Trojan, was found in COVID-19 financial relief scams and in attacks against financial institutions.
- Recently, a new variant of the Zeus Trojan called Silent Night was observed for sale, stamped as version 1.0.
- This new variant is sold at $4,000 per month for a custom build, $2,000 for the general build and $500 to just test it for 14 days.
Silent Night
- According to researchers, Silent Night is capable of grabbing information from online forms and of performing web injections in browsers such as Google Chrome, Mozilla Firefox, and Internet Explorer.
- It is compatible with all operating systems.
- On the Chrome browser, the malware is even capable of performing keylogging, taking screenshots, stealing cookies, and collecting passwords.
- Through these web injections, the malware redirects the user's ongoing sessions to malicious domains and steals the credentials used to access online banking services. The stolen information is then sent to the operator's command and control (C2) server.
- The sample uses an original form of obfuscation with on-demand decryption. An open directory found in the malware sample reveals the layout of the Silent Night control panel, including the minimum configuration required to run it on a Linux machine.
- There are similarities between Silent Night and Terdot.
Since Silent Night's design is clean and consistent, its continued evolution could lead to theft on a catastrophic scale.
To read more, please check the eScan Blog.