New Corkow Trojan Designed to Attack Ukrainian and Russian Internauts; ESET

ESET the security company is keeping watch over certain Trojan, which cyber-crooks are apparently employing for attacking Internauts within Ukraine and Russia. Detected mainly as banking Trojan, the threat is given the name Win32/Corkow; however, there are many noteworthy features to its nature.

Security researchers at ESET described this malware as modular implying its designers, with the help of different plug-ins, could increase the functionalities of the threat.

Corkow essentially is capable of intercepting keystrokes for filching passwords; of capturing screenshots; as well as of inserting phishing pages for so duping end-users that they would give away their financial and other personal information.

However, in addition to the above known characteristics of any banker Trojan, there are as well modules inside Corkow, which enable hackers to gain remote access, along with install "Pony" the all-pervasive grabber of passwords that ESET has identified to be Win32/PSW.Fareit.

An additional program incorporated into Corkow gathers various kinds of details the infected PC educes viz. the different software installed along with what was last used; the different active processes, in addition to browser history.

Interestingly, the malware then studies all these details and searches for 180 or more particular strings, which chiefly associate with different trading platform software as well as websites, and banking software/websites.

Moreover, notably, Corkow as well hunts for applications and websites associated with the virtual money Bitcoin along with PCs that Android creators use for publishing their software programs via Google Play.

Remarking about this capability of Corkow, Graham Cluley Security Specialist who works independently stated that it was perhaps obvious what the Corkow perpetrators thought of doing via illegitimately acquiring admission into the Bitcoin accounts of their victims, although there could as well be threatening consequences once the wrong people got to have a hold on the login credentials belonging to an actual Android developer. Help Net Security published this dated February 14, 2014.

Furthermore, there is certain anti-analysis technique Corkow utilizes i.e. encrypting its payload with C: drive's Volume Serial Number, while in case of moving that payload onto a different PC, it would not begin acting malevolently.

» SPAMfighter News - 2/20/2014