BRATISLAVA, PRAGUE – ESET researchers published today another installment in their ongoing series of Latin American banking trojans. Since 2018 they have investigated Vadokrist, a trojan that is specifically focused on Brazil. The malware utilizes backdoor functionality and is distributed via malicious spam emails targeting financial institutions.
Unlike most other Latin American banking trojans, Vadokrist does not collect information about victims immediately after successfully compromising their machines. Nevertheless, based on ESET analysis, Vadokrist seems to share several important features with Amavaldo, Casbaneiro, Grandoreiro, and Mekotio – other Latin American banking trojans described earlier in the research series.
“The vast majority of Latin American banking trojans collect information about the victim’s machine when first run. The only information Vadokrist collects is the victim’s username, and it does so only after initiating an attack on a targeted financial institution,” says ESET researcher Jakub Souček, coordinator of the team that analyzed Vadokrist.
“Despite its lack of capability to collect information, Vadokrist can manipulate the mouse and simulate keyboard input, log keystrokes, take screenshots, and restart the machine. It is also able to prevent access to banking websites by killing the browser process, which we believe is a technique to prevent victims from accessing their online bank accounts, aiding the attackers in retaining control,” explains Souček.
For more technical details about Vadokrist, read the blog post “Vadokrist – A wolf in sheep's clothing” on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.
Execution chain recently used by Vadokrist
About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defences in realtime to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centres worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003. For more information, visit https://www.eset.hk/ or follow us on Facebook.