Citadel Trojan

Brazen Crimeware Marketing Branches Out to Social Networks

The secrecy of underground forums where financial malware and crimeware kits are traded is well guarded, to the point that few are able to penetrate them without some kind of internal sponsor. Here, criminals value their privacy as much as those from whom they steal. That’s what makes a recent discovery from RSA Security’s FraudAction […]

How many inconspicuous botnets are alive and siphoning banking credentials and real money from online accounts while getting little to no attention? They feast on unwitting consumers, using an array of available banking Trojans to steal legitimate log-in information and sell it to the highest bidder, often with great success because they get lost in the sea of similar campaigns. Researchers at Dutch security company Fox-IT recently took apart an average botnet running amok in the Netherlands called Pobelka, a Russian word that means whitewash (perhaps a euphemism for money laundering). The analysis paints a picture of the simplicity with which even a small criminal organization can spread malware for profit, virtually unscathed.

The elusive authors of the Citadel Trojan have released a new version of their banking botnet malware and service. The latest version, the sixth since it debuted in January and dubbed Rain, includes a dynamic configuration mechanism that allows botmasters to inject malicious content into compromised browsers on the fly. This real-time interaction with bots avoids the need to push an updated configuration file to the entire botnet and lessens the risk of detection by security operations.
