Virus CoreBot Turned into a Dangerous Banking Trojan

Posted By Morgan on Oct 15, 2015 | 3 comments

In late August, a new Trojan Virus CoreBot was discovered by IBM specialists. At first, it did not look particularly dangerous: its possibilities were limited to stealing local passwords and personal data of users in different browser and desktop applications. However, experts were seriously concerned about the modular structure of the new threat that promised great potential for its development.

And they were right. In the first ten days of September CoreBot turned into a full-fledged banking Trojan.

What makes new Trojan virus CoreBot so dangerous?

Virus CoreBot turned into a dangerous banking Trojan

The banking Trojans group, to which CoreBot can now be attributed, is dangerous primarily due to its ability to circumvent not only the protection of anti-virus programs but also the standard types of two-factor authentication.

The most famous Trojan viruses, such as Zeus and SpyEye, belong to the category called “Automated Transfer Systems”. These malicious programs do not only steal passwords and numbers of payment cards but also transfer funds from the client’s account on the fake account by wedging between the user and the site to which it refers.

Such viruses keep track of addresses visited by the infected computer. When an authorization on the service from the list of the Trojan takes place, at once the function for login and password interception is activated. After that, the Trojan displays to the user a fake (phishing) page, on which on the behalf of the bank asks to enter some additional information – as a rule, one-time password. When the unsuspecting victim does this operation, the “Automated Transfer System” contacts the bank under the guise of the user and transfers the funds from the customer’s account to a fake account.

How to protect yourself from banking Trojans?

Token Protectimus SMART

In order not to become a victim of hackers, you should first and foremost be careful and do not download a Trojan virus on your computer or phone. The easiest way is to think about the most basic “hygiene” of the Internet surfing: do not click on suspicious links, refrain from downloading and installing on your computer illegal copies of software, update the antivirus in time. Although many of these simple rules seem naive, but nevertheless, their implementation can significantly reduce the risk.

If there is no firm assurance that your computer is not infected by Trojan, and you do not know how to remove a Trojan virus, then you can be rescued with the same two-factor authentication. More precisely, one of its newest features – CWYS (Confirm What You See), which is implemented and maintained in the products of the Protectimus Company. When this function is enabled, the one-time password generation is held with the help of the key transaction data – such as the amount of the transfer, the currency which is used, addressee etc. Even if the one-time password is stolen by hackers, the system does not recognize its authenticity. An attacker can use it only for the specific signature of the original transaction. In case the transaction data are changed, it will be obligatory to replace the data during the OTP generation, which is impossible.

No matter how ingenious creators of viruses are, usually all their tricks receive an adequate and quick response. Security technologies, including two-factor authentication, are becoming more reliable and convenient for customers.