Published on November 16th, 2017 | by admin
Bitdefender finds Terdot banker Trojan returns as information stealer
Bitdefender has issued an alert about the return of Terdot.
Terdot is a banker Trojan that has been around since mid-2016 and is now making a comeback with updated capabilities, including information and credential theft and social media account monitoring.
Built on the Zeus framework that has been open-sourced since 2011, Terdot adds a number of novel techniques to the market. These include leveraging open-source tools for spoofing SSL certificates, and a powerful man-in-the-middle proxy that filters the user’s entire web traffic in search of sensitive information that subsequently gets logged and exfiltrated.
This man-in-the-middle proxy also allows the banker Trojan to manipulate traffic on most social media and email platforms and post on the behalf of the infected user.
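A local man-in-the-middle proxy that terminates TLS on the victim's machine has to present its own certificate for every site it inspects, whatever spoofed certificate or planted root CA it uses to keep the browser quiet. One defender-side check that exposes the substitution is certificate pinning: compare the SHA-256 fingerprint of the leaf certificate actually served against a fingerprint recorded earlier from a clean connection. The script below is an added illustration of that check, not Bitdefender's tooling or anything from the whitepaper; the `KNOWN_PINS` table and `bank.example` host are hypothetical placeholders.

```python
"""Detect a substituted TLS certificate with SHA-256 certificate pinning.

Added example (not from the original article). A pinned fingerprint is
independent of which CA signed the certificate, so a proxy that planted its
own root CA in the trust store still fails this check.
"""
import hashlib
import socket
import ssl

# Hypothetical pin store: host -> set of acceptable leaf-certificate SHA-256
# fingerprints (lowercase hex). Real values come from a known-clean capture.
KNOWN_PINS = {
    "bank.example": {"<placeholder-sha256-of-known-good-leaf-cert>"},
}


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER encoding, matching browser certificate viewers."""
    return hashlib.sha256(der_cert).hexdigest()


def check_pin(host: str, der_cert: bytes, pins=KNOWN_PINS) -> dict:
    """Compare the served certificate against the pin store for this host.

    Returns a verdict dict with status 'match', 'MISMATCH' or 'no-pin'.
    A MISMATCH on a pinned host is the signal a local interception proxy
    would produce: the site is reachable but a different certificate is served.
    """
    fp = fingerprint(der_cert)
    expected = pins.get(host)
    if expected is None:
        return {"host": host, "status": "no-pin", "fingerprint": fp}
    if fp in expected:
        return {"host": host, "status": "match", "fingerprint": fp}
    return {"host": host, "status": "MISMATCH", "fingerprint": fp}


def fetch_leaf_certificate(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the DER leaf certificate the endpoint actually presents.

    Chain validation is turned off so that the certificate can be inspected
    even when a planted root CA would make it validate, or when no such CA
    exists and validation would abort before we see anything. The socket is
    used only to read the certificate; no application data is sent.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else "bank.example"
    print(check_pin(target, fetch_leaf_certificate(target)))
```

Run it as `python pincheck.py bank.example` after recording real fingerprints into `KNOWN_PINS` from a machine you trust; a `MISMATCH` verdict on a pinned host is worth correlating with the endpoint's proxy settings and trust store, since legitimate certificate rotation produces the same result and the pin set then needs updating.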
This highly modular banker Trojan uses sophisticated hooking and interception techniques and includes several capabilities designed to avoid detection and removal, which makes cleanup extremely difficult.
Here is the full whitepaper for your reference. Do let me know if you have any questions or if you’d like to speak with Bogdan Botezatu, Senior e-Threat Analyst at Bitdefender, about the findings.