The malware is mainly utilized against users in South Korea

Nov 1, 2013 14:45 GMT

Trojan.Grolker, a threat used by cybercriminals since mid-2012 to steal the credentials of online gamers, is now being utilized to steal banking credentials as well.

According to Symantec, the malware has been spotted mostly in South Korea, likely because online games are highly popular in the country. Some infections have also been seen in Hungary, but not as many as in Korea.

Until recently, Grolker focused on stealing gaming-related information. However, the latest variant shows that the Trojan now monitors browsers not only for gaming websites, but also for banking sites.

When victims visit a site of interest, the malware injects malicious JavaScript in order to steal sensitive information.

What’s interesting about Grolker is that, unlike other banking Trojans, which inject their components directly into the browser process, it uses a Browser Helper Object (BHO) to hook itself into the Internet Explorer process.
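
Because a BHO has to be registered before Internet Explorer will load it, the registered BHOs on a machine can be inventoried and reviewed. The following PowerShell is an added example, not code from Symantec or from the article: it reads the standard Windows BHO and COM class registry keys and reports the DLL and Authenticode status behind each entry. The function name `Get-RegisteredBho` is made up for this example, and it checks machine-wide (HKLM) registrations only.

```powershell
# Added example: inventory IE Browser Helper Objects (BHOs) and the DLLs behind them.
# The registry locations are the standard Windows BHO and COM class keys;
# nothing here is a Grolker-specific indicator.
$views = @(
    @{ Name  = 'native'
       Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Name  = 'WOW64'   # 32-bit view on 64-bit Windows
       Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
)

function Get-RegisteredBho {
    foreach ($view in $views) {
        if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
            $clsid  = $key.PSChildName            # each BHO is a subkey named by its CLSID
            $server = "$($view.Clsid)\$clsid\InprocServer32"
            $dll = $null; $status = 'NoComRegistration'; $signer = $null
            if (Test-Path -LiteralPath $server) {
                # The default value of InprocServer32 is the DLL loaded into iexplore.exe
                $dll    = (Get-Item -LiteralPath $server).GetValue('')
                $status = 'FileMissing'
                if ($dll -and (Test-Path -LiteralPath $dll)) {
                    $sig    = Get-AuthenticodeSignature -LiteralPath $dll
                    $status = $sig.Status
                    $signer = $sig.SignerCertificate.Subject
                }
            }
            [pscustomobject]@{
                View = $view.Name; Clsid = $clsid; Dll = $dll
                Signature = $status; Signer = $signer
            }
        }
    }
}

Get-RegisteredBho | Sort-Object Signature | Format-Table -AutoSize -Wrap
```

Entries whose signature status is anything other than `Valid`, or whose DLL lives in a user-writable directory, are the ones to review first.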

Additional technical details on Grolker are available on Symantec’s blog.