ESET security researchers have analyzed the latest variants

Mar 25, 2013 07:57 GMT

Last year, several individuals suspected of committing crimes with the aid of the notorious Carberp banking Trojan were arrested. Since the arrests, the number of infections has dropped considerably, but the malware keeps evolving.

According to security researchers from ESET, Carberp is still the most commonly used malware for banking fraud in Ukraine and Russia.

Besides new injection techniques, the cybercriminals behind Carberp continue using legitimate pieces of software in an effort to evade detection.

In 2010, they used modified versions of Thinsoft BeTwin for RDP and TeamViewer. However, because antivirus solutions flagged these altered applications as malware, the criminals started using a legitimate variant of Mipko Personal Monitor in 2011.

Last year, they turned to Ammyy Admin, another legitimate tool used not only by cybercriminals, but also by phone scammers.

A detailed technical analysis of the latest Carberp malware is available on ESET’s We Live Security blog.