Watch out for CoreBot, new stealer in the wild

From Botnets.fr
Jump to navigation Jump to search

(Publication) Google search: [1]

Watch out for CoreBot, new stealer in the wild
Botnet CoreBot
Malware
Botnet/malware group Banking, Stealing
Exploit kits
Services
Feature Domain generation algorithm
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2015 / 2015-08-28
Editor/Conference Security Intelligence
Link https://securityintelligence.com/watch-out-for-corebot-new-stealer-in-the-wild/ (Archive copy)
Author Limor Kessem, Martin Korman
Type Blogpost

Abstract

That brings us to CoreBot, a new information stealer discovered and analyzed by IBM Security X-Force researchers, who indicate this is one malware piece to watch out for. CoreBot appears to be quite modular, which means that its structure and internal makeup were programmed in a way that allows for the easy adding of new data theft and endpoint control mechanisms.

CoreBot was discovered while the researchers were studying the activity of malware on Trusteer-protected enterprise endpoints. The malware’s compiled file was named “core” by its developer. Antivirus engines do not specify this malware’s name yet and detect it under generic names such as Dynamer!ac or Eldorado. But while CoreBot may appear artless at first glance, without real-time theft capabilities, it is more interesting on the inside.

Bibtex

 @misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2015BFR4775,
   editor = {Security Intelligence},
   author = {Limor Kessem, Martin Korman},
   title = {Watch out for CoreBot, new stealer in the wild},
   date = {28},
   month = Aug,
   year = {2015},
   howpublished = {\url{https://securityintelligence.com/watch-out-for-corebot-new-stealer-in-the-wild/}},
 }