Security firm ESET has discovered a new and effective banking trojan, targeting online banking users and designed to beat the mobile multi-factor authentication systems.
Hesperbot detected as Win32/Spy.Hesperbot is very identical to the infamous Zeus and SpyEye Banking Malwares and infects users in Turkey, the Czech Republic, Portugal, and the United Kingdom.
Trojan has functionalities such as keystroke logging, creation of screenshots and video capture, and setting up a remote proxy.
The attackers aim to obtain login credentials giving them access to the victim’s bank account and getting them to install a mobile component of the malware on their Symbian, Blackberry or Android phone.
Some other advanced tricks are also included in this banking Trojan, such as creating a hidden VNC server on the infected system and can do network traffic interception with HTML injection capabilities.
So far, the Trojan hasn’t spread too far. The campaign was first detected in the Czech Republic where the attackers had used phishing emails impersonating the country’s postal service. Armed with this information, the crooks can try to log into victims’ online bank accounts to siphon off their cash.
The trojan also harvests email addresses from the infected system and sends them to a remote server. It is possible that these collected addresses were also targeted by the malware-spreading campaigns.
As for the UK, a special variant of the malware has been created, but ESET said it could not provide any further detail on it.