Banking malware Vawtrak attacks financial institutions in Canada
The banking trojan Vawtrak, also known as Neverquest, has resurfaced and is targeting banks and financial institutions in Canada. Its malicious capabilities include taking screenshots, capturing video footage and launching man-in-the-middle attacks. It is spread via drive-by-downloads, mostly originating from Russian domains.
Apart from affecting individual computers, Vawtrak also builds a botnet, and has gathered 15,000 computers in Canada so far for this purpose. Heimdal Security have analysed this threat in detail on their blog.
Financial malware spread through drive-by-downloads
It all begins with a drive-by-download that places a downloader on the system. Once ready, it connects to one of the many malicious domains and downloads the other components of Vawtrak. Like many other cases that we have seen in the past, including SuperFish, PrivDog and the misuse of certificates for Google domains, this malware also steals information by using a man-in-the-middle attack. Vawtrak redirects traffic through a compromised system while giving you the false impression that your connection is secure, thus allowing cyber criminals to intercept and steal the data. This is how the hackers gain unauthorized access to financial information, but the story doesn’t end here. The cyber criminals then use remote desktop computing to take hold of the victim’s computer and perform transactions from it, which makes it almost impossible for banks to detect anything abnormal and gives the hackers complete anonymity. Financial data has always been a hacker magnet since it provides immediate returns.
Staying away from Vawtrak
The banking trojan is transmitted in various ways, including phishing websites, malicious advertisements and malicious code injected into legitimate websites. Keeping a watchful eye can keep several such threats out of the picture.
Since Vawtrak can also be spread through exploits placed on malicious websites, it is important to keep all your software up to date and vulnerabilities patched. Also ensure that you have up-to-date protection like Emsisoft Anti-Malware.
Have a nice (malware-free) day!