A descendant of the infamous Zeus banking trojan, dubbed Silent Night by the malware’s author, has emerged on the scene, with a host of functionalities available in a spendy malware-as-a-service (MaaS) model.

Custom builds can run as much as $4,000 per month to use, which researchers say is now placing the code out of the range of any but large cybercriminal groups looking to mount mass campaigns. “The price tag is steep, especially for the Russian audience [to whom it is marketed], where 500 USD is an average rent for a small 1 bedroom apartment in the outskirts of Moscow,” Malwarebytes researchers said.

Silent Night is advertised with a host of features, according to a Thursday analysis from Malwarebytes. These include: web injections and form grabber with support for Google Chrome, Mozilla Firefox and Internet Explorer; proxy services via HiddenVNC and SOCKS5; keylogger for browser activity; the ability to take screenshots; cookie stealer for Chrome, Firefox and IE; and a password-stealer for Chrome.

The ad also lists “protective gear” to make analysis more difficult, consisting of a unique custom obfuscator that the author said “morphs all code and encrypts strings and all constant values in the code.”

According to researchers, all of the malicious modules are obfuscated. “The characteristics of the obfuscation indicate that it has been applied on the source-code, pre-compilation,” according to the analysis. “It contrasts with most malware, where the only protection…
Posted by govanguard, 2020-05-21 11:41:00: Silent Night Banking Trojan Charges Top Dollar on the Underground