For over 5 years, the Zeus Trojan was unquestionably the king of banking malware. Once the Trojan was loaded onto the victim's computer, it could:
- Identify when the user gave bank details to the web browser.
- Steal codes and other login information.
- Encrypt stolen information and send it to the attacker's server.
Zeus was also the first malware to be sold under license. For the right price, anyone could use it.
Zeus remains active today, even though its code was published online in 2011. Unfortunately, security experts are already drawing attention to a new piece of malware that makes Zeus look like child's play. Neverquest raises the bar in online banking malware.
How does it work:
Like Zeus, Neverquest is a Trojan. The attacker introduces Neverquest to the victim's computer via social media, email or file transfer. According to the security blog 'Threatpost', Neverquest replicates in a similar way to the Bredolab botnet (before the Bredolab botnet was disbanded, it consisted of 30 million computers!).
If the computer targeted by the Neverquest loader is vulnerable to an exploit, the malware is installed. Neverquest then begins to observe what the user types in the web browser. If it recognizes a predetermined financial term, it checks the domain name of the website (Neverquest has hundreds of banking institutions in its database, so there is a high probability that it will recognize the bank's site).
Once Neverquest recognizes a bank site, it transfers the login information to the attacker's central server. Once the victim's credentials are in the attacker's hands, he can control the victim's computer using any VNC program and connect to the victim's banking website, where he can transfer money and change the login details, locking the user out.
One capability of Neverquest that Zeus did not have is that it can add a new bank site to its database. If the Trojan recognizes banking terms but not the domain, it sends the information back to the server, where a new entry is created and then pushed as an update to all the infected computers.
Unfortunately, Neverquest is already available for sale. Unlike Zeus, which needed skilled operators, Neverquest can be used by any beginner with just what he bought.
"Threats like Neverquest require more than just a simple antivirus, users need a solution to secure their online transactions," Kaspersky said in a blog post. It is also reported that Neverquest is designed to steal data from various other sites besides banks, such as Facebook, Twitter, Skype and Google.
We warmly thank SecTeam @ Walkin.