Gozi Banking Trojan Upgrades Build to Inject Into Windows 10 Edge Browser
This post was co-authored with IBM X-Force researcher Or Safran.
---
IBM X-Force researchers have recently detected a new Gozi Trojan build propagated to endpoints in the wild.
Alongside some interesting changes made to the malware, the researchers reported that Gozi's developer has successfully updated the Trojan's code injection mechanism to implement form grabbing and webinjections in the Windows 10 Edge browser.
Since the Windows 10 operating system upgrade is offered to home users at no cost, which has triggered a rather vast adoption of the platform, malware authors are hurrying to update their code to deploy on Windows 10 endpoints. Moreover, since Windows 10 comes with a new browser, Microsoft Edge, cybercriminals need the ability to seamlessly operate their malware on that software.
With the ability to inject the Trojan's code into the operating system's and the browser's processes, cybercriminals can control the browser for monitoring victim activity, form grabbing and webinjections, which are among the most powerful tools criminals have against unsuspecting victims.
Within that context, Gozi is the most recent Trojan to achieve the ability to inject code into the Edge browser, but it is not the first.
Tinba v3 can inject code into the Edge browser as well, although it has not been able to deploy webinjections yet. Ramnit, too, can inject code into Edge and deploy webinjections on that browser. One of the better-known examples is the Dyre Trojan, which was reportedly upgraded for successful deployment on Windows 10 endpoints and code injection into the Microsoft Edge browser in November 2015, before the gang's takedown.
Read on by browsing to the full blog post.