Terdot, a banking trojan built on the leaked Zeus code base, has been found with additional capabilities for stealing sensitive data. It is no longer only a banking trojan: it can also harvest credentials and sessions for Facebook, Twitter, YouTube, Google Plus, Yahoo Mail, Microsoft's live.com and Gmail, building on open-source tools. The malware generates its own Certificate Authority, which lets its man-in-the-middle proxy mint certificates for the targeted sites on the fly and read or rewrite HTTPS traffic that TLS would otherwise protect. Attackers thereby gain full access to the victim's accounts and can publish data or alter traffic without the infected user's consent.
Terdot was first seen in 2016 and was designed to steal financial data such as credit card details and online banking login credentials. It operates as a proxy that performs man-in-the-middle (MITM) attacks on the victim's browser traffic and relays the intercepted data to the attackers. Its main targets are Canadian financial institutions, including PC Financial, Scotiabank, Royal Bank, Banque Nationale, Bank of Montreal, Toronto-Dominion Bank, CIBC and Tangerine.
“Terdot’s components are split across multiple processes, each with a specific role. Windows Explorer processes, along with other normal long-running Windows processes, are either injectors responsible for spreading the infection inside the machine or watchdogs, processes that make cleanup more difficult. Terdot’s MITM proxy that receives traffic from browser processes runs in a msiexec.exe process”, Bitdefender reports.
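Two host-side checks that follow from the behaviour described above: a self-signed root CA that does not belong on the machine (a generated CA has to be trusted somewhere for the MITM proxy to work) and a Windows Installer process that is acting as a network proxy. This is an added example written for this page; it is not code from the article or from Bitdefender's report. The browser process names, the 30-day recency window and the list of "familiar" root issuers are heuristics chosen here, not published Terdot indicators.

```powershell
# Added example, not code from the article or from Bitdefender's report.
# Check 1: self-signed roots in the Windows certificate stores that look out of place.
# Check 2: msiexec.exe holding a listening socket, and browsers connected to it over loopback.
# Heuristics (recency window, familiar-issuer list, browser names) are assumptions for this example.

function Find-SuspiciousRootCA {
    param([int]$RecentDays = 30)   # assumption: a root that became valid this recently deserves a look

    # Partial list of issuers commonly present as self-signed roots on Windows (assumption, extend as needed).
    $familiar = 'Microsoft|DigiCert|GlobalSign|Sectigo|COMODO|Entrust|GoDaddy|Baltimore|VeriSign|Thawte|ISRG|Amazon|USERTrust|QuoVadis|IdenTrust|Starfield|Certum|GeoTrust|Symantec|AffirmTrust'

    # CurrentUser\Root can be written without admin rights, so it is checked alongside LocalMachine\Root.
    foreach ($store in 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root') {
        # A CA the malware generated is self-signed: Subject and Issuer are identical.
        Get-ChildItem -Path $store | Where-Object { $_.Subject -eq $_.Issuer } | ForEach-Object {
            $reasons = @()
            if ($_.NotBefore -gt (Get-Date).AddDays(-$RecentDays)) {
                $reasons += "valid only since $($_.NotBefore.ToShortDateString())"
            }
            if ($_.Subject -notmatch $familiar) { $reasons += 'issuer not in the familiar list' }
            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Store      = $store
                    Subject    = $_.Subject
                    Thumbprint = $_.Thumbprint
                    NotBefore  = $_.NotBefore
                    Reasons    = ($reasons -join '; ')
                }
            }
        }
    }
}

function Find-MsiexecProxy {
    # Windows Installer has no reason to accept inbound connections. A listening socket owned by
    # msiexec.exe, plus browser connections to that loopback port, matches the proxy layout quoted above.
    $msiIds = @(Get-Process -Name msiexec -ErrorAction SilentlyContinue).Id
    if (-not $msiIds) { return }
    $browserIds = @(Get-Process -Name chrome, firefox, iexplore, msedge -ErrorAction SilentlyContinue).Id

    $conns  = @(Get-NetTCPConnection -ErrorAction SilentlyContinue)
    $listen = @($conns | Where-Object { $_.State -eq 'Listen' -and $msiIds -contains $_.OwningProcess })
    $ports  = @($listen | ForEach-Object { $_.LocalPort })

    # Only browser connections that terminate on a port msiexec.exe is listening on are reported,
    # so ordinary loopback traffic (local dev servers, other tools) is not flagged.
    $fromBrowser = @($conns | Where-Object {
        $_.State -eq 'Established' -and $browserIds -contains $_.OwningProcess -and
        $_.RemoteAddress -in @('127.0.0.1', '::1') -and $ports -contains $_.RemotePort
    })

    $listen + $fromBrowser | Select-Object State, LocalAddress, LocalPort, RemoteAddress, RemotePort,
        OwningProcess,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).Name } }
}

Find-SuspiciousRootCA | Format-Table -AutoSize
Find-MsiexecProxy     | Format-Table -AutoSize
```

Treat the output as leads, not verdicts: endpoint protection suites, corporate TLS-inspection proxies and developer tooling also install self-signed roots, and `Get-NetTCPConnection` needs Windows 8 / Server 2012 or later. A root that is both recent and unfamiliar, together with a listening `msiexec.exe`, is the combination worth escalating.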
However, it has been noticed that Terdot doesn’t collect data from Russia’s largest social media platform vk.com.
Preventing Terdot and similar malware starts with ordinary caution: do not open unknown links, whether they arrive through social media, untrusted websites or email. Because Terdot works through a certificate authority it generated itself, a browser warning about an untrusted certificate on a bank's site, or an unexpected self-signed root in the Windows certificate store, should be treated as a possible sign of compromise rather than clicked through.