Security researchers from ESET are tracking the activities of a Trojan that "prefers" bank accounts and appears to be used by malicious users looking for their victims in Russia and Ukraine. The Trojan, called Win32/Corkow, is primarily a banking Trojan, but has several notable possibilities.
According to experts, the Trojan is modular, which means that its creators can expand its capabilities using various plugins.
Corkow copies what its victim types to intercept codeς πρόσβασης, μπορεί να τραβήξει screenshots, and forward unsuspecting users to phishing websites to trick them into stealing their personal information. Other plugins allow cybercriminals to install Pony password-stealer and collect all browsing history.
Still more interesting is that Trojan is particularly interested in login credentials used on websites Bitcoin, but also to the Android developers computers who publish their apps on Google Play.
Experts report that there was a period of 8 months against 2012, in which malware remained idle but suddenly appeared again.
ESET will publish more technical details about malware Corkow next weekteam.