1 min read

Terdot: Zeus-based malware strikes back with a blast from the past

Bogdan BOTEZATU

November 16, 2017

Terdot: Zeus-based malware strikes back with a blast from the past

Malware authors are surely known for their ability to fly under the radar. But every once in a while, details about their operations surface on the web. This is the case of a handful of malware operations that managed to gain unwanted attention by having their source code leaked. Mirai, KINS, Carberp and Zeus are among the malware families that went “open-source”, either voluntarily or because of operational negligence. And when this happens, high-quality code is rapidly adopted and integrated by less-skilled criminal groups looking for shortcuts to financial success.

Particularly interesting about Terdot, though, is that, just like the Netrepser targeted attack, it leverages legitimate applications such as certificate injection tools for nefarious purposes, rather than specialized utilities developed in house. Another discovery worth mentioning is that, even if Terdot is technically a Banker Trojan, its capabilities go way beyond its primary purpose: it can also eavesdrop on and modify traffic on most social media and email platforms. Its automatic update capabilities allow it to download and execute any files when requested by its operator, meaning it can develop new capabilities.

This whitepaper is a technical analysis of the Terdot, a Banker Trojan that derives inspiration from the 2011 Zeus source code leak.

Download the whitepaper

tags


Author



Right now

Top posts

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

July 21, 2021

9 min read
How We Tracked a Threat Group Running an Active Cryptojacking Campaign

How We Tracked a Threat Group Running an Active Cryptojacking Campaign

July 14, 2021

10 min read
A Note from the Bitdefender Labs Team on Ransomware and Decryptors

A Note from the Bitdefender Labs Team on Ransomware and Decryptors

May 26, 2021

2 min read
New Nebulae Backdoor Linked with the NAIKON Group

New Nebulae Backdoor Linked with the NAIKON Group

April 28, 2021

1 min read
Good riddance, GandCrab! We’re still fixing the mess you left behind.

Good riddance, GandCrab! We’re still fixing the mess you left behind.

June 17, 2019

5 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited LuminousMoth – PlugX, File Exfiltration and Persistence Revisited
Bogdan BOTEZATUVictor VRABIE
9 min read
Debugging MosaicLoader, One Step at a Time Debugging MosaicLoader, One Step at a Time
Janos Gergo SZELESBogdan BOTEZATU
1 min read
How We Tracked a Threat Group Running an Active Cryptojacking Campaign How We Tracked a Threat Group Running an Active Cryptojacking Campaign
Bitdefender

July 14, 2021

10 min read