RSA FraudAction

Carberp Banking Trojan Goes Commercial; Adds Bootkit and $40K Price Tag

You can say one thing for the underground malware distribution market, there’s certainly never a lack of drama. Weeks after the banning of Aquabox, the keeper of the Citadel banking Trojan, from an underground forum, another player has popped up to fill the market gap, this time with a new version of the Carberp Trojan.

Planned Cyberattacks on US Banks on Hold

Upwards of 30 major U.S. banks and financial institutions have been given a reprieve. The hacker behind a coordinated attack against giants such as Bank of America, Chase, Citibank, PNC, Wells Fargo and nearly two dozen other banks has called off the operation after media reports surfaced a month ago exposing the planned attacks.

The elusive authors of the Citadel Trojan have released a new version of their banking botnet malware and service. The latest version, the sixth since it debuted in January and dubbed Rain, includes a dynamic configuration mechanism that allows botmasters to inject malicious content to compromised browsers on the fly. This real-time interaction with bots avoids the need to send an updated configuration file to the entire botnet and lessens the risk of detection by security operations.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.