Spanish security firm S21sec has identified a new banking trojan capable of injecting HTML into all popular browsers which uses a rootkit to hide its components.
Dubbed Tatanga, the trojan is written in C++ and is organized in modules with different functionality which are decrypted in memory as needed.
Like other banking trojans, Tatanga executes Man-in-the-Browser (MitB) attacks in order to perform unauthorized transactions from the accounts of its victims.
The trojan currently targets banks from Western European countries, particularly the United Kingdom, Germany, Spain and Portugal.
It currently has a very low detection rate. A signature-based Virus Total scan reveals that only 9 in 43 antivirus engines currently detect the infector as malicious and most of them do it under generic names.
Microsoft calls it Trojan:Win32/Mariofev.B and has first added detection for it on September 03, 2010. However, the definition was updated a week ago, probably to account for new variants.
More details - link
Dubbed Tatanga, the trojan is written in C++ and is organized in modules with different functionality which are decrypted in memory as needed.
Like other banking trojans, Tatanga executes Man-in-the-Browser (MitB) attacks in order to perform unauthorized transactions from the accounts of its victims.
The trojan currently targets banks from Western European countries, particularly the United Kingdom, Germany, Spain and Portugal.
It currently has a very low detection rate. A signature-based Virus Total scan reveals that only 9 in 43 antivirus engines currently detect the infector as malicious and most of them do it under generic names.
Microsoft calls it Trojan:Win32/Mariofev.B and has first added detection for it on September 03, 2010. However, the definition was updated a week ago, probably to account for new variants.
More details - link
