In January, SecureWorks researchers discovered that a new banking trojan, “Bugat”, was being used to steal the financial credentials of customers of more than a dozen large and mid-sized US banks. The trojan operates similarly to other data-stealing malware like “Zeus” and “Clampi” in that it monitors its infected users’ web browsing activity and searches for the URLs of targeted financial institutions, stealing credential information and relaying it back to the criminals. The “Bugat” trojan also has phishing capabilities that attempt to siphon additional information by modifying banking login pages to ask users for information like their PIN and mother’s maiden name. While this trojan does not appear to be widespread, the introduction of “Bugat” shows that there is a criminal market for malware designed for financial data theft.
While the article downplays the immediate seriousness of this issue from the big-picture point of view, the facts I find most alarming are the new capabilities not commonly found in banking trojans. The fact that this trojan uses HTTPS to secure its command-and-control communications, keeping stolen data safe from other hackers, and also has the functionality to steal FTP credentials brings to light a whole new level of features that could be potentially damaging and harder to catch. Trojans have always improved, and always will improve, on older models to become less detectable and harder to defend against. This is why it is so important to keep your defenses against them and other attacks up to date.
You can read the full article behind this summary and analysis here: New “Bugat” Trojan Harvesting Banking Credentials