The malware research lab at ESET HQ is reporting new campaigns of the very effective banking trojan Hesperbot. As previously uncovered by ESET, Hesperbot spreads through very credible-looking campaigns related to trustworthy organizations, luring victims into running the malware. Based on LiveGrid® data – ESET’s cloud-based malware collection system – and research analysis, the trojan has big new targets: banks and users in Germany and Australia. Meanwhile, large infection waves have continued in the Czech Republic.
The malware itself has evolved as well: ESET has now analyzed versions of Hesperbot that can steal bitcoins. Namely, these versions include a module that attempts to access Bitcoin wallets that store private keys.
“With the current high value of Bitcoin, the decision to add this module is quite understandable,” says Robert Lipovsky, who heads ESET research into Hesperbot.
Some advice on how to keep your Bitcoins safe can be found on the ESET news site WeLiveSecurity.com.
This sophisticated banking malware, dubbed Hesperbot, is spreading via phishing-like emails and also attempts to infect mobile devices running Android, Symbian and Blackberry. Detected as Win32/Spy.Hesperbot, this threat features keylogger capabilities, can create screenshots and video captures, and can set up a remote proxy. The attackers aim to obtain login credentials that give them access to the victim’s bank account and to get the victim to install a mobile component of the malware on their Symbian, Blackberry or Android phone.
“The Hesperbot operators are very active, causing real financial losses for banks’ customers, and it seems we still haven’t heard the last of this malware,” concludes Lipovsky.
A more detailed analysis of this malware is available in the blog post “New Hesperbot targets: Germany and Australia” at WeLiveSecurity.com, ESET’s news platform with the latest information and analysis on cyber threats and useful security tips. On WeLiveSecurity.com you will also find the previous post and the updated white paper about Hesperbot.