ExtremeHacking

Researchers spotted 'Chewbacca', a new Tor-based Banking Trojan

Author: Unknown
Date: 12/19/2013
./Arizona Team

Cybercriminal activity associated with financial Trojans has increased rapidly during the past few months. Tor-based architecture is a favorite with online criminals, who use it to hide their bots and the real location of the botnet's Command-and-Control server from security researchers.

Security researchers at anti-virus firm Kaspersky Lab have discovered a new Tor-based banking trojan, dubbed "ChewBacca" ("Trojan.Win32.Fsysna.fej"), that steals banking credentials and is hosted on a Tor .onion domain.


This protects the location of a server as well as the identity of the owner in most cases. Still there are drawbacks preventing many criminals from hosting their servers within Tor. Due to the overlay and structure, Tor is slower and timeouts are possible. Massive botnet activity may influence the whole network, as seen with Mevade, and therefore let researchers spot them more easily.

ChewBacca is not the first malware to adopt Tor for anonymity; recently a new Zeus Trojan variant was captured in the wild that is also based on the Tor network and is aimed at 64-bit systems.

Researchers did not mention how they discovered Chewbacca, or the extent to which it has spread, but they note that the malware is compiled with Free Pascal 2.7.1.

After the malware executes on the victim's Windows system, it drops itself as spoolsv.exe in the startup folder and also drops a copy of Tor 0.2.3.25, which runs with a default listener on "localhost:9050". The Trojan then logs all keystrokes and sends the data back to the botnet controllers via the Tor anonymity network.
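
A triage check built from the two host traits described above, a spoolsv.exe image outside System32 and a local listener on port 9050, as an added example that is not from the original article or from Kaspersky. The inventory record layout, host names, PIDs and paths are constructed for illustration, and the check assumes the genuine print spooler lives in C:\Windows\System32 and that "localhost" is reported as 127.0.0.1.

```python
import ntpath

# Assumption: the genuine Windows print spooler image lives in this folder.
SYSTEM32 = ntpath.normcase(r"C:\Windows\System32")
TOR_SOCKS = ("127.0.0.1", 9050)  # the "localhost:9050" listener from the article


def triage(processes, listeners):
    """Return sorted (pid, reason) findings for one host's inventory snapshot."""
    findings = []
    for p in processes:
        path = ntpath.normcase(p["path"])
        if ntpath.basename(path) == "spoolsv.exe" and ntpath.dirname(path) != SYSTEM32:
            findings.append((p["pid"], "spoolsv.exe outside System32"))
    images = {p["pid"]: p["path"] for p in processes}
    for s in listeners:
        if (s["addr"], s["port"]) == TOR_SOCKS:
            findings.append((s["pid"], "Tor SOCKS listener: " + images.get(s["pid"], "?")))
    return sorted(findings)


def hosts_with_both(snapshots):
    """Hosts showing both traits together, the combination the article describes."""
    hits = []
    for host, (procs, socks) in snapshots.items():
        reasons = {r.split(":")[0] for _, r in triage(procs, socks)}
        if {"spoolsv.exe outside System32", "Tor SOCKS listener"} <= reasons:
            hits.append(host)
    return sorted(hits)


# Constructed sample inventory (hypothetical hosts, PIDs and paths; not real telemetry).
STARTUP = r"C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
SAMPLE = {
    "ws-01": ([{"pid": 612, "path": r"C:\Windows\System32\spoolsv.exe"}], []),
    "ws-02": (
        [{"pid": 612, "path": r"C:\WINDOWS\system32\spoolsv.exe"},
         {"pid": 3120, "path": STARTUP + r"\spoolsv.exe"},
         {"pid": 3188, "path": r"C:\Users\a\AppData\Local\Temp\tor.exe"}],
        [{"pid": 3188, "addr": "127.0.0.1", "port": 9050}],
    ),
    # A standalone Tor client on its own is a weaker signal than the pair.
    "ws-03": ([{"pid": 900, "path": r"C:\Tools\tor\tor.exe"}],
              [{"pid": 900, "addr": "127.0.0.1", "port": 9050}]),
}

if __name__ == "__main__":
    print(hosts_with_both(SAMPLE))
```

A port 9050 listener alone also matches any legitimately installed Tor client, so treat it as a lead to correlate with the spoolsv.exe path check rather than a verdict.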


The malware also enumerates all running processes and reads their process memory. According to the researchers, the Command-and-Control server is developed using LAMP, that is, Linux, Apache, MySQL and PHP.


Chewbacca is currently not offered in public (underground) forums, unlike other toolkits such as Zeus. Maybe it is still in development, or the malware is just privately used or shared.

The login page of the botnet's Command-and-Control server has an image of a character (ChewBacca) from the Star Wars film series.



Cyber Suraksha Abhiyan | Sadik Shaikh © 2015 Sadik Shaikh | CEH V9 | ETHICAL HACKING Course Training Institute in India-Pune