According to security company Eset, which first discovered the malware, the virus tricks online banking customers with phishing emails that appear to have been sent from a trustworthy source.
Robert Lipovsky, a Malware Researcher with Eset, has unveiled that the Hesperbot gang has continually been expanding their operations to different regions. The threat was first observed in Turkey which remains the most targeted country. The Czech Republic is the second most affected country. The Czech campaigns started in September 2013, when we started an active investigation of the botnets. At that time, the other targeted countries were Portugal and the UK. Australia is currently the third most affected country by Hesperbot.
The attackers aim to obtain log-in credentials that give them access to the customer‘s bank account and attempt to lure users into installing a mobile component of the malware on their Symbian, BlackBerry or Android phone. The Trojan is able to update itself, execute new modules and receive configuration files. It can also exfiltrate data from the infected host. The data it targets includes login credentials intercepted by the form-grabber component, keylogger logs and a video consisting of captured screenshots of the login sequence to online banking. The web-injection component will, based on the configuration file, modify specified online banking websites to include a fraudulent web form. This form gives instructions to install a new security module on the user’s smartphone that the bank has purportedly issued.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now