Tatanga: a new banking trojan with MitB functions

From Botnets.fr

Botnet: Tatanga
Date: 2011 / 2011-02-25
Editor/Conference: S21sec
Link: http://securityblog.s21sec.com/2011/02/tatanga-new-banking-trojan-with-mitb.html
Author: Jozsef Gegeny, Jose Miguel Esparza
Type: Blogpost

Abstract

Recently our e-crime unit has detected a new banking trojan, named Tatanga, with Man-in-the-Browser (MitB) functions affecting banks in Spain, the United Kingdom, Germany and Portugal. Like SpyEye, it can perform automatic transactions, retrieving the mules from a server and spoofing the real balance and banking operations of the users. Its detection rate is very low, and the few antivirus engines that can detect it yield a generic result.

The trojan in question is rather sophisticated. It is written in C++ and uses rootkit techniques to conceal its presence, though on occasion its files are visible. The trojan downloads a number of encrypted modules (DLLs), which are decrypted in memory when injected into the browser or other processes to avoid detection by antivirus software.

Bibtex

 @misc{2011BFR4744,
   editor = {S21sec},
   author = {Jozsef Gegeny and Jose Miguel Esparza},
   title = {Tatanga: a new banking trojan with MitB functions},
   day = {25},
   month = feb,
   year = {2011},
   howpublished = {\url{http://securityblog.s21sec.com/2011/02/tatanga-new-banking-trojan-with-mitb.html}},
 }