Security researchers from ESET monitor the activities of a Trojan that “prefers” bank accounts and appears to be used by maliciouss users looking for their victims in Russia and Ukraine. The Trojan, called Win32/Corkow, is primarily a banking Trojan, but it has several notable features.
According to experts, the Trojan is modular, which means that its creators can expand their capabilities using various plugins.
Corkow copies what its victim types to intercept passwords it can pull screenshots, και να προωθήσει ανυποψίαστους χρήστες σε phishing ιστοσελίδες για να τους ξεγελάσει και να τους αρπάξει προσωπικά τους data. Other plugins allow cybercriminals to install Pony password-stealer and collect all browsing history.
Still more interesting is that Trojan is particularly interested in login credentials used on websites Bitcoin, but also to the Android developers computers who publish their apps on Google Play.
Experts report that there was a period of 8 months against 2012, in which malware remained idle but suddenly appeared again.
ESET will publish more technical details about malware Corkow next week.