Banbra.DCY is the prototype of a ScreenLogger

Sep 11, 2006 10:37 GMT

Panda Software has announced the detection of a new breed of malicious software dubbed Banbra.DCY. The Trojan horse is involved in online banking fraud, and while it is currently limited to financial institutions in Brazil, Panda Software has warned that the technique could be generalized. The Trojan horse is an evolved keylogger: it was adapted to the virtual keyboards that online banking services have implemented. A virtual keyboard is a GUI deployed as a security measure against traditional keyloggers, since it makes online operations independent of the physical keyboard. Banbra.DCY gets around this by making video captures of the screen as the client interacts with the virtual keyboard and storing the recorded data as video files.

"The most worrying aspect is not the Trojan itself, but the mechanism it uses to steal user data. We are pretty sure that there will be other malicious codes that use the same technique, but will target users of other banks or other Internet services," explained Luis Corrons, director of PandaLabs.

Instead of capturing keystrokes, Banbra.DCY captures screenshots of the online activity associated with transactions or with accessing banking services. The recordings are saved as .avi files and then find their way to the fraudsters.

"If a Trojan that collects data in the same way as Banbra.DCY was installed on a system and carried out actions without the user realizing, the consequences could be disastrous," adds Luis Corrons. "There are many malicious codes which, as they are distributed to few computers and act silently, are unknown to security companies which, therefore, cannot prepare the corresponding vaccine. This is another good reason to use proactive technologies that detect threats without needing to identify them first, as they analyze the behavior of the code and decide whether they pose a threat to users or not."