Malware can steal Facebook, Twitter and Gmail accounts

Researchers have discovered a new and complex malware variant, based on the famous Zeus bank trojan but not just stealing bank accounts.

Researchers have discovered a new and complex malware variant, based on the famous Zeus bank trojan but not just stealing bank accounts.

Named Terdot, this bank trojan has been around since mid-2016 and was originally designed to attack via MtiM (man-in-the-middle), steal credit card information and inject HTML code into the page. web.

Recently researchers at Bitdefender have discovered this trojan variant with the ability to use open source SSL tools to access social networks and email accounts, even fake fake posts. .

Banking days of using the MitM proxy allow interference in user traffic. Besides, it also has the ability to update automatically to download and execute files.

Bank Trojans but can steal accounts Facebook, Twitter and Gmail

According to the latest analysis, Terdot can target social networks, including Facebook, Twitter, Google Plus, YouTube and email services such as Gmail, live.com of Microsoft or Yahoo Mail.

See also: How to retrieve a hacked Facebook account

Picture 1 of Malware can steal Facebook, Twitter and Gmail accounts

Originally a banking trojan, the Terdot variant also stole the social network account

Interestingly, this malware avoids taking data related to Russia's largest social networking application, VKontakte (vk.com), so its author is from Eastern Europe.

This bank Trojan is mainly spread via hacked website with SunDown Exploit Kit, but can also be accessed via email with a fake PDF button icon. When clicked, it will execute the JavaScript code to load and run the malware file. To avoid detection, it uses a drip, inject and load into parts.

Once infected, it enters the browser process to transfer the web connection to your proxy, read traffic and inject spyware. It also steals the authentication information by viewing the victim's request or injecting the JavaScript spyware code into the response.

Terdot can overcome the limits of TLS (Transport Layer Security) by creating a CA (Certificate Authority) and authenticating the domains that the victim accesses. Any information sent to a customer or social network is viewed and edited by Terdot in real time, meaning it can also be distributed via fake links on social networks.

More information about this trojan, you can read more here.https://labs.bitdefender.com/2017/11/terdot-zeus-based-malware-strikes-back-with-a-blast-from-the-past/

Update 23 May 2019
Category

System

Mac OS X

Hardware

Game

Tech info

Technology

Science

Life

Application

Electric

Program

Mobile