Terdot banking trojan has become a tool for cyber espionage

Delaware, USA – November 22, 2017 – The Terdot banking trojan appeared about a year ago; it was built on Zeus trojan code and targeted Canadian banks. Recently, researchers from Bitdefender found that the threat actors behind this trojan had significantly modified it and added several features. The new version of the malware monitors almost all online activity of its victims; it can also modify users’ messages on social media and intercept emails. The trojan uses a proxy that intercepts any traffic on a compromised computer, and it can publish malicious links on social networks at the operator’s command. Terdot is distributed through compromised websites and phishing emails with malicious JavaScript disguised as PDF files. To avoid detection, the malware is downloaded to the victim’s computer in parts.

Banking trojans are becoming increasingly advanced tools for cyber espionage, both by improving their infection mechanisms and by expanding their functionality. The ability to intercept traffic poses a threat to any organization: many employees have remote access to corporate networks, and compromise of their accounts can lead to severe data leaks. VPN Security Monitor for ArcSight and QRadar can help your SIEM detect attempts at unauthorized access to your corporate servers.