Watch Out for CoreBot, New Stealer in the Wild
When it
comes to discovering new malware, it is much more common for researchers to run
across information stealers, ransomware and remote-access tools (RATs) than it
is to encounter brand new complex codes like banking Trojans or targeted attack
tools such as Duqu.
Nonetheless,
it is the lesser breeds, like information stealers and RATs, that are a lot
more prolific in the wild. And while banking Trojans or targeted attacks are
quite specific in what they do, information stealers are by far less discriminatory
and thus end up affecting a greater number of people and organizations.
That
brings us to CoreBot, a new information stealer discovered and analyzed by IBM
Security X-Force researchers, who indicate this is one malware piece to watch
out for. CoreBot appears to be quite modular, which means that its structure
and internal makeup were programmed in a way that allows for the easy adding of
new data theft and endpoint control mechanisms.
CoreBot
was discovered while the researchers were studying the activity of malware on
Trusteer-protected enterprise endpoints. The malware’s compiled file was named
“core” by its developer. Antivirus engines do not specify this malware’s name
yet and detect it under generic names such as Dynamer!ac or Eldorado. But while
CoreBot may appear artless at first glance, without real-time theft
capabilities, it is more interesting on the inside.
Info Stealers: Prevalence and Risk Factors
When it
comes to generic malware, many believe it is less targeted and therefore less
damaging than more elaborate malcode. In reality, the opposite is true. Generic
malware is frequently the sort of Trojan that harvests passwords
indiscriminately, which ends up compromising a broader set of the user’s
personal accounts, including bank account credentials, email and e-wallets.
When they land on an enterprise endpoint, information stealers gather email
credentials, software keys and anything else saved on that drive that can be
interesting to attackers. On top of that, it can download and execute other
malware at will.
Many
times, info-stealer Trojan botnets siphon this sort of data from a myriad of
endpoints and trade it in the underground, selling it to cybercriminals who
will find ways to use or monetize it.
Read on here
Comments
Post a Comment