The FBI began warning computer users about the Beta Bot Trojan this week, sounding the alarm about malware that has targeted a variety of online payment platforms and financial institutions over the few last months.
According to an intelligence note prepared by the Internet Crime Complaint Center (IC3) yesterday, criminals have begun using the Trojan to block victims’ access to security websites, disable antivirus programs and trick them into giving hackers access to their computers.
According to the FBI, the malware has been spotted popping up on user’s computers in the form of a Microsoft Windows message box. When asked if users want to run a program, “Windows Command Processor,” users are being urged not to click “Yes.” The “User Account Control” box claims to just want to make changes to the computer but in actuality will allow hackers to “exfiltrate data from the computer,” including log-in credentials and financial information.
The malware has also been seen propagating on the popular messaging platform Skype and across USB thumb drives, according to the warning.
While the FBI refers to Beta Bot as new, the malware surfaced at the beginning of the year as an HTTP bot and later expanded its capabilities that spring, according to RSA’s Limor Kessem, who described it as a type of rootkit-based financial malware in May.
“It has since evolved,” Kessem wrote at the time, “donned a trigger list, and was repurposed for financial fraud that includes targets such as banks, ecommerce and even Bitcoin wallets.”
Kessem, who helps run the RSA’s Cybercrime and Online Fraud Communications division said at the time the malware was trying to leverage everything from larger financial institutions to “payment platforms, online retailers, gaming platforms, webmail providers, FTP and file-sharing user credentials,” among other vectors.
While Kessem reported that Beta Bot’s creator was planning to keep the Trojan private but would sell binaries and provide technical support, Beta Bot was never thought to have been as sophisticated as Trojans designed specifically for bank fraud, so it’s unclear if the FBI’s warning coincides with a new rash of Beta Bot infections or a new set of technical capabilities for the malware.
Regardless the FBI is urging any infected users to download antivirus updates onto an uninfected computer or USB drive and run it on the compromised machine.
