Tatanga: a new banking trojan with MitB functions

From Botnets.fr


Botnet: Tatanga
Date: 2011-02-25
Editor/Conference: S21sec
Link: http://securityblog.s21sec.com/2011/02/tatanga-new-banking-trojan-with-mitb.html
Author: Jozsef Gegeny, Jose Miguel Esparza
Type: Blogpost


Recently our e-crime unit has detected a new banking trojan, named Tatanga, with Man in the Browser (MitB) functions affecting banks in Spain, the United Kingdom, Germany and Portugal. Like SpyEye, it can perform automatic transactions, retrieving the mule accounts from a server and spoofing the real balance and banking operations shown to the user. Its detection rate is very low, and the few antivirus engines that do detect it return only a generic result.

The trojan in question is rather sophisticated. It is written in C++ and uses rootkit techniques to conceal its presence, although on occasion its files are visible. The trojan downloads a number of encrypted modules (DLLs), which are decrypted in memory only when injected into the browser or other processes, so that the plaintext code is never written to disk where antivirus software could scan it.


@misc{gegeny2011tatanga,
   editor = {S21sec},
   author = {Jozsef Gegeny and Jose Miguel Esparza},
   title = {Tatanga: a new banking trojan with MitB functions},
   day = {25},
   month = feb,
   year = {2011},
   howpublished = {\url{http://securityblog.s21sec.com/2011/02/tatanga-new-banking-trojan-with-mitb.html}},
}