Kaspersky Lab has recently published an article about a new “banking Trojan”, called Neverquest, which is a new Trojan horse virus, capable of recognising hundreds of financial sites, including hundreds of English, German, Italian and Indian banking platforms. This Trojan is particularly dangerous, as it spreads itself via social media, email and file transfer protocols.
How it can drain your accounts
When the infected users try to login to their banking sites the virus reacts by activating itself and stealing user credentials. Neverquest then sends the stolen credentials to its command and control server. After getting the credentials, attackers can use them to remotely log into compromised accounts via virtual network computing (VNC). With this technique, attackers are basically using the victim’s own computer to (potentially) empty their bank accounts, which makes it very hard to distinguish between legitimate transactions and thefts.
When your account is breached...
Once the attacker has complete control over the victim’s account, he can empty it into a different account under his control. However, to make the money more difficult to be traced, attackers often make several transfers to other victims’ accounts, before obtaining the money themselves.
It's not a new thing
Banking Trojans have been around for some time. According to Sergey Golovanov, principal security researcher at Kaspersky Lab, Neverquest is trying fill in some holes in the market:
“After wrapping up several criminal cases associated with the creation and proliferation of malware used to steal bank website data, a few ‘holes’ appeared on the black market. New malicious users are trying to fill these with new technologies and ideas. Neverquest is just one of the threats aiming to take over the leading positions previously held by programs like ZeuS and Carberp.”
To read more about Neverquest, visit the official blog of Kaspersky.