A descendant of the infamous Zeus banking trojan, dubbed Silent Night by the malware’s author, has emerged on the scene, with a host of functionalities available in a spendy malware-as-a-service (MaaS) model. Custom builds can run as much as $4,000 per month to use, which researchers say is now placing the code out of the range of any but large cybercriminal groups looking to mount mass campaigns.

“The price tag is steep, especially for the Russian audience [to whom it is marketed], where 500 USD is an average rent for a small 1 bedroom apartment in the outskirts of Moscow,” Malwarebytes researchers said.

Silent Night is advertised with a host of features, according to a Thursday analysis from Malwarebytes. These include: web injections and form grabber with support for Google Chrome, Mozilla Firefox and Internet Explorer; proxy services via HiddenVNC and SOCKS5; keylogger for browser activity; the ability to take screenshots; cookie stealer for Chrome, Firefox and IE; and a password-stealer for Chrome.

The ad also lists “protective gear” to make analysis more difficult, consisting of a unique custom obfuscator that the author said “morphs all code and encrypts strings and all constant values in the code.”

According to researchers, all of the malicious modules are obfuscated. “The characteristics of the obfuscation indicate that it has been applied on the source-code, pre-compilation,” according to the analysis. “It contrasts with most malware, where the only protection…
