Security Alert: GootKit and Godzilla Infostealers Target Victims’ Financial Information

[Andra Zaharia]

Two fresh campaigns are currently spreading GootKit and Godzilla Loader, targeting both financial institutions and Internet banking users worldwide.

Are cyber criminals trying to remind us that ransomware is not the only financial malware on the market?

 

[eXDj]

Why Heimdal not have romanian language ?

 

[frogboy]

I just finished reading this over at Heimdal and was about to post it here.

 

[Andra Zaharia]

Why Heimdal not have romanian language ?

We're currently focusing on English, German and Danish, but we will add more languages in the future. I promise that Romanian is on the list as well.

 

[Andra Zaharia]

I just finished reading this over at Heimdal and was about to post it here.

Thanks for your support! I'm really, truly glad you find the blog useful!

 

[frogboy]

Thanks for your support! I'm really, truly glad you find the blog useful!

A long time subscriber here, some very good and helpfull posts over there.

 

[Andra Zaharia]

A long time subscriber here, some very good and helpfull posts over there.

Thank you so much! We will do our absolute best to provide useful guides and posts in 2017 as well.

 

[Vasudev]

Two fresh campaigns are currently spreading GootKit and Godzilla Loader, targeting both financial institutions and Internet banking users worldwide.

Are cyber criminals trying to remind us that ransomware is not the only financial malware on the market?

@Andra Zaharia: Any list of victims and how to identify if the banking site has been infected from end-user's POV?

 

[Andra Zaharia]

@Andra Zaharia: Any list of victims and how to identify if the banking site has been infected from end-user's POV?

Thanks for the great question!

The campaigns are currently ongoing and under investigation, so I can't share any list of victims.

In terms of infection, the infostealers check the URLs in the user's browser to see when the user accesses online banking services. It then works to intercept traffic between the user and the online banking portal.

Also, they can download keyloggers, capture screenshots and they periodically connect to their C&Cs to upload the harvested data.

Once I have more details, I will most definitely add them to the alert. Thanks for your patience!

 

[Vasudev]

The campaigns are currently ongoing and under investigation, so I can't share any list of victims.

In terms of infection, the infostealers check the URLs in the user's browser to see when the user accesses online banking services. It then works to intercept traffic between the user and the online banking portal.

Also, they can download keyloggers, capture screenshots and they periodically connect to their C&Cs to upload the harvested data.

Once I have more details, I will most definitely add them to the alert. Thanks for your patience!

I understand, we don't want say out loud that URL of [some bank] has possible chance of being infected than others. Will looking at certificate issued by Symantec, Comodo etc of bank URL will help us know if the site is trustworthy or not?

 

[Andra Zaharia]

I understand, we don't want say out loud that URL of [some bank] has possible chance of being infected than others. Will looking at certificate issued by Symantec, Comodo etc of bank URL will help us know if the site is trustworthy or not?

Checking the certificate is a great way of knowing if it's safe.

I also recommend using dedicated browsers for online transactions to really minimize the risk. A good example is Bitdefender's SafePay. Other alternatives are listed here: 8 best secure browsers 2016: Private browsing guide

Multi-layered protection is key to protecting against almost any threat. A few key layers include: AV + VPN + password manager + browser security + DNS security. Of course, there are many more, but these are right at the core.

What would you add?

 

[Vasudev]

Checking the certificate is a great way of knowing if it's safe.

I also recommend using dedicated browsers for online transactions to really minimize the risk. A good example is Bitdefender's SafePay. Other alternatives are listed here: 8 best secure browsers 2016: Private browsing guide

Multi-layered protection is key to protecting against almost any threat. A few key layers include: AV + VPN + password manager + browser security + DNS security. Of course, there are many more, but these are right at the core.

What would you add?

I'm little relieved after hearing that. BTW, I use Xubuntu for web browsing than windows.

 

[Svoll]

I also recommend using dedicated browsers for online transactions to really minimize the risk. A good example is Bitdefender's SafePay. Other alternatives are listed here: 8 best secure browsers 2016: Private browsing guide

Thanks for the post and the sugguestions for a secure browser, was hoping Cyber or Waterfox would be on there. Time to check out epic browser.

 

[eXDj]

Checking the certificate is a great way of knowing if it's safe.

I also recommend using dedicated browsers for online transactions to really minimize the risk. A good example is Bitdefender's SafePay. Other alternatives are listed here: 8 best secure browsers 2016: Private browsing guide

Multi-layered protection is key to protecting against almost any threat. A few key layers include: AV + VPN + password manager + browser security + DNS security. Of course, there are many more, but these are right at the core.

What would you add?

And use Heimdal,no?

 

[Andra Zaharia]

And use Heimdal,no?

Didn't want to include any shameless promo, since MalwareTips is not the place for it, but yes, Heimdal PRO can certainly help a great deal. And Heimdal FREE as well, if you're looking to automate your software updates.