The Zeus-based malware Terdot has been found with expanded capabilities for stealing sensitive data. It is no longer just a banking trojan: by leveraging open-source tools, it can also access Facebook, Twitter, YouTube, Google Plus, Yahoo Mail, Microsoft’s live.com and Gmail accounts. The malware can generate its own Certificate Authority and bypass TLS restrictions, so the attackers gain full access to the victim’s accounts and can publish data or modify traffic without the infected user’s consent.

The banking trojan Terdot was first spotted in 2016 and was designed specifically to steal financial credentials such as credit card information and the sign-in credentials stored by online services. It acted as a proxy for performing man-in-the-middle (MITM) attacks and funnelled the stolen information into the hands of the attackers. Its main targets were Canadian institutions, including PCFinancial, Scotiabank, Royal Bank, Banque Nationale, Bank of Montreal, the Toronto Dominion Bank, CIBC and Tangerine Bank.

“Terdot’s components are split across multiple processes, each with a specific role. Windows Explorer processes, along with other normal long-running Windows processes, are either injectors responsible for spreading the infection inside the machine or watchdogs, processes that make cleanup more difficult. Terdot’s MITM proxy that receives traffic from browser processes runs in a msiexec.exe process,” Bitdefender reports.

According to the reports, the new variants of the banking trojan Terdot come with an automatic update capability, which Bitdefender notes makes it more dangerous than ever, since it allows the trojan to download and execute any file at its operator’s request. It is distributed through compromised websites and malicious emails: the infected links or PDF buttons execute complex JavaScript code that runs the banking trojan file. Once executed, it injects itself into various processes, including browser processes, in order to make direct connections, track traffic and more.
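As an added defensive example, not part of the article or of Bitdefender’s report: a host-side heuristic that correlates connection and process listings to flag the pattern described above, a long-running Windows process (msiexec.exe) listening on loopback while browser processes connect to it. The `netstat -ano`-style rows, PIDs, ports and process names are all constructed sample data.

```python
"""Heuristic for the local MITM proxy Bitdefender describes: a system process
(msiexec.exe) listening on loopback while browsers connect to it. Sample data
below is constructed and mirrors `netstat -ano` and `tasklist` on Windows."""
import re
from collections import defaultdict

NETSTAT_SAMPLE = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    127.0.0.1:49184        0.0.0.0:0              LISTENING       4120
  TCP    127.0.0.1:49201        127.0.0.1:49184        ESTABLISHED     2788
  TCP    127.0.0.1:49184        127.0.0.1:49201        ESTABLISHED     4120
  TCP    127.0.0.1:49210        127.0.0.1:49184        ESTABLISHED     3312
  TCP    192.168.1.20:49230     203.0.113.5:443        ESTABLISHED     2788
"""
# Constructed pid -> image name map.
PROCESSES = {912: "svchost.exe", 4120: "msiexec.exe",
             2788: "chrome.exe", 3312: "firefox.exe"}
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe", "msedge.exe"}
# Long-running Windows processes that never legitimately proxy browser traffic.
SUSPICIOUS_LISTENERS = {"msiexec.exe", "explorer.exe"}
ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")

def parse_netstat(text):
    """Yield (local, foreign, state, pid) for every TCP row; skip headers."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield m.group(1), m.group(2), m.group(3), int(m.group(4))

def find_local_mitm(netstat_text, processes):
    """Return one (listener_name, listener_pid, port, browser_names) tuple per
    loopback listener from SUSPICIOUS_LISTENERS that browser processes talk to."""
    listeners = {}              # loopback "addr:port" -> listening pid
    clients = defaultdict(set)  # "addr:port" -> browser pids connected to it
    for local, foreign, state, pid in parse_netstat(netstat_text):
        if state == "LISTENING" and local.startswith("127."):
            listeners[local] = pid
        elif state == "ESTABLISHED" and foreign.startswith("127."):
            if processes.get(pid) in BROWSERS:
                clients[foreign].add(pid)
    findings = []
    for endpoint, lpid in listeners.items():
        name = processes.get(lpid, "?")
        if name in SUSPICIOUS_LISTENERS and clients.get(endpoint):
            browsers = sorted(processes[p] for p in clients[endpoint])
            port = int(endpoint.rsplit(":", 1)[1])
            findings.append((name, lpid, port, browsers))
    return findings
```

A benign loopback listener (a local web server owned by a browser or developer tool) produces no finding; only the pairing of a suspicious owner with browser clients does.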

However, it has been observed that Terdot does not collect data from vk.com, Russia’s largest social media platform.

To guard against Terdot and other malware, users should pay closer attention to the security of their data. It is always preferable not to click on unknown links, whether they appear on social media accounts, on untrusted websites or in emails.
