For over 5 years, the Trojan Zeus was unquestionably the king of banking malware. Once the Trojan was loaded into the victim's computer, it could:
- Identify when the user gave bank details to the web browser.
- Steal codes and other login information.
- To encrypt the stolen ones information and send it to the attacker's server.
Zeus was also the first malevolent software which was sold under license. With the right price anyone could use it.
Zeus has remained active until today even though its code was published online at 2011. Unfortunately, security experts are already drawing attention to a new malware that makes them Zeus to play. Neverquest raises the bar in online banking malware.
How does it work:
Like Zeus, Neverquest is a Trojan. The attacker introduces Neverquest to the victim's computer via social media, email or someone transportof files. According to the security blog 'Threat post' Neverquest replicates similarly to the Bredolab botnet (Before the Bredolab Botnet was disbanded it consisted of 30 millions computers!).
If the target victim's computer from the Neverquest loader is exposed to a exploit, the malware is installed. At that time, Neverquest begins to observe what the user writes in the web browser. If he recognizes a predetermined financial term, he checks the domain name of the site (Neverquest has hundreds of banking organizations in his database, so he is likely to recognize the site of the bank).
Once Neverquest recognizes a bank site, it will transfer the login information to the attacker's central server. Once the victim's credentials are in the attacker's hands, he will be able to control the victim's computer using any VNC program and connect to the victim's banking website where he will be able to transfer money and change login details. locking out the user.
One Possession of Neverquest that Zeus did not have is that he can add a new bank site to his database. If the Trojan recognizes bank terms but not the domain will send the information back to the server and create a new entry and then update to all the infected computers.
Unfortunately Neverquest is already available for sale. Unlike Zeus, who needed skilled pilots, Neverquest can be used by any beginner with what he bought.
"Threats like Neverquest require more than just a simple antivirus, users need a solution to secure their online transactions," Kaspersky said in a blog post. It is also reported that Neverquest is designed to steal data from various other sites besides banks, such as Facebook, Twitter, Skype, Google.
We thank her warmly SecTeam @ Walkin.