New Beta Bot Trojan Targets Banks and E-Commerce Platforms
In recent months, a new type of banking malware called Beta Bot has emerged. The malicious program targets e-commerce. Worse, Beta Bot is armed with a variety of features that make it hard to detect and remove.
An investigation led by RSA Security official Limor Kessem revealed that since January the bot has gradually evolved from an HTTP bot into a banking trojan. The investigation also found that Beta Bot is equipped with many attack vectors.
After the investigation, a shortlist of Beta Bot's targets was compiled. The list consists of social networking sites, large financial institutions, online retailers, payment platforms, gaming platforms, webmail providers, etc.
Devices become infected with Beta Bot after a simple click by the user, which allows the bot to act. The features that make it hard to detect and remove start operating as soon as it is deployed.
One of the defense mechanisms used by the malware is to block a user from connecting to certain antivirus or security provider websites. The attacker selects which web pages to block and where to redirect users when they try to reach them.
According to Kessem, Beta Bot can avoid sandboxes, and it can operate not only in virtual machines. Moreover, the program is capable of terminating the processes of other malware, thus preventing them from spreading on the system.
Once Beta Bot starts working, it takes control of the computer, stores collected data in a MySQL database, installs other malware and tricks users into making fraudulent banking transactions.
Although the developer of Beta Bot is only selling the binaries and has no intention of selling the builder, it may be purchased on some lesser-known online forums. The builds, which usually come with a customized server-side control panel interface, are priced from $320 to $500.
Despite the achievements in detecting malicious programs, banking trojans are still leading the race. Evidence of this is the latest improvements to and activity by a trojan called Shylock. Last month it started an attack which is the cause of the collapse of less profitable banks. Furthermore, social networks have become the marketplace for another malicious program, the Zeus Trojan. A newer version of that malware has been on sale since April.