Only a limited number of countries are targeted, but that might change soon

Sep 9, 2013 11:00 GMT

According to researchers from IT security firm McAfee, a new banking Trojan is currently making the rounds in the wild.

Dubbed Hesperus (“evening star” in Greek), or Hesperbot, the threat is active mainly in the Czech Republic and Turkey. However, experts warn that it’s slowly spreading all across the world.

The malware is designed to steal online banking credentials by injecting HTML scripts into specific bank-related websites. Hesperus relies on a different module for each of its tasks, with both the modules and the data encrypted.

It’s also worth noting that the Trojan communicates with its command and control server via SSL, can read smart cards with the aid of WinScard.dll, and uses the Twofish encryption algorithm.

In order to disguise its communications, the threat injects its entire code into attrib.exe and then into explorer.exe.
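A defender's triage sketch for the behaviours reported above, added here as an example and not taken from McAfee or the original article: attrib.exe is a file-attribute utility, so a network connection or a WinSCard.dll load from it stands out, while the same DLL in explorer.exe is a weaker signal. The event schema, host names and severity levels are assumptions constructed for illustration.

```python
import ntpath
from collections import defaultdict

# (process name, event type) -> (severity, reason). Severities are assumptions.
RULES = {
    ("attrib.exe", "network"): ("high", "attrib.exe opened a network connection"),
    ("attrib.exe", "image_load"): ("high", "attrib.exe loaded WinSCard.dll"),
    ("explorer.exe", "image_load"): ("medium", "explorer.exe loaded WinSCard.dll"),
}

# Constructed sample events; field names are hypothetical, modelled on
# process-monitoring telemetry (network connection and module load records).
SAMPLE_EVENTS = [
    {"host": "ws-01", "type": "network", "pid": 4120,
     "image": r"C:\Windows\System32\attrib.exe", "dest_port": 443},
    {"host": "ws-01", "type": "image_load", "pid": 4120,
     "image": r"C:\Windows\System32\attrib.exe",
     "loaded": r"C:\Windows\System32\WinSCard.dll"},
    {"host": "ws-01", "type": "image_load", "pid": 1888,
     "image": r"C:\Windows\explorer.exe",
     "loaded": r"C:\Windows\System32\WINSCARD.DLL"},
    {"host": "ws-02", "type": "image_load", "pid": 2044,
     "image": r"C:\Windows\explorer.exe",
     "loaded": r"C:\Windows\System32\shell32.dll"},
    {"host": "ws-02", "type": "network", "pid": 5012,
     "image": r"C:\Program Files\Browser\browser.exe", "dest_port": 443},
]

def triage(events):
    """Return one finding dict per event that matches a rule."""
    findings = []
    for ev in events:
        proc = ntpath.basename(ev["image"]).lower()
        rule = RULES.get((proc, ev["type"]))
        if rule is None:
            continue
        if ev["type"] == "image_load":
            if ntpath.basename(ev.get("loaded", "")).lower() != "winscard.dll":
                continue
        findings.append({"host": ev["host"], "pid": ev["pid"],
                         "severity": rule[0], "reason": rule[1]})
    return findings

def hosts_to_escalate(findings):
    """Hosts with at least one high-severity finding, sorted."""
    by_host = defaultdict(set)
    for f in findings:
        by_host[f["host"]].add(f["severity"])
    return sorted(h for h, sev in by_host.items() if "high" in sev)
```

Calling `triage(SAMPLE_EVENTS)` and passing the result to `hosts_to_escalate` singles out the one constructed host where attrib.exe misbehaves; explorer.exe loading WinSCard.dll alone is recorded but does not escalate.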

Additional technical details of Hesperus are available on McAfee’s blog.