For over 5 years, the Trojan Zeus was unquestionably the king of banking malware. Once the Trojan was loaded into the victim's computer, it could:
- Identify when the user gave bank details to the web browser.
- Steal codes and other login information.
- Encrypt stolen information and send it to the attacker's server.
Zeus was also the first malicious software sold. At the right price everyone could use it.
Zeus has remained active to this day although o codewas published online in 2011. Unfortunately, security experts are already drawing attention to a new malware that makes the Zeus to play. Neverquest raises the bar in online banking malware.
How does it work:
Like Zeus, Neverquest is a Trojan. The attacker introduces Neverquest to the victim's computer via social media, email or someone transportof files. According to the security blog 'Threat post' Neverquest replicates similarly to the Bredolab botnet (Before the Bredolab Botnet was disbanded it consisted of 30 million computers!).
If the target victim's computer from the Neverquest loader is exposed to a exploit, the malware is installed. At that time, Neverquest begins to observe what the user writes in the web browser. If he recognizes a predetermined financial term, he checks the domain name of the site (Neverquest has hundreds of banking organizations in his database, so he is likely to recognize the site of the bank).
Once Neverquest recognizes a bank site, it will transfer the login information to the attacker's central server. Once the victim's credentials are in the attacker's hands, he will be able to control the victim's computer using any VNC program and connect to the victim's banking website where he will be able to transfer money and change login details. locking out the user.
One feature of Neverquest that Zeus did not have is that it can add new banking sites to its database. If the Trojan recognizes banking conditions but not the domain will send the information back to the server and create a new entry and then update all infected computers.
Unfortunately Neverquest is already available for sale. Unlike Zeus, who needed skilled pilots, Neverquest can be used by any beginner with what he bought.
As Kaspersky states on its blog, “Threats like Neverquest require more than just an antivirus, the users they need a solution that secures their online transactions". It is also reported that Neverquest is designed to intercept data from various other sites, apart from banks, such as Facebook, Twitter, Skype, Google.
We thank her warmly SecTeam @ Walkin.