May 12, 2011 13:56 GMT  ·  By

Security researchers from browsing security firm Trusteer warn that an older, but relatively obscure, piece of malware has been modified for financial fraud.

The trojan, which the firm dubs Sunspot, is currently detected by only 9 out of the 42 antivirus engines available on VirusTotal.

Its infection rate is on par with that of SpyEye and ZeuS in some regions, and there have already been confirmed fraud losses associated with it.

Despite having existed for some time, this is a modern and very sophisticated piece of malware. It comes with all the features expected of a banking trojan.

This includes the ability to execute man-in-the-browser attacks like web injections, page grabbing, key-logging and screenshot taking.

It can infect both 32-bit and 64-bit Windows installations and can hook into Internet Explorer and Mozilla Firefox, which makes it comparable to other financial fraud trojans.

Trusteer researchers were able to decrypt its configuration and found out that it received instructions to grab account balance figures, last login date and other information from a victim's account, as well as ask them for additional financial and personal details.

The trojan sample analyzed by Trusteer was reporting back to a command and control server in Russia. Sunspot "reveals a new approach to financial malware development," says Trusteer's CTO Amit Klein.

"Unlike purpose-built financial fraud platforms like Zeus, SpyEye, Bugat, and others, it appears Sunspot was not originally developed as crimeware. If this is the case, we could be witnessing a sea change in malware development where general purpose and little known malware platforms are re-programmed to carry out financial fraud.

"This will make it even more difficult to defend against attacks since banks will be ambushed by a growing number of unique financial malware platforms," the security expert warns.