Hesperbot trojan sending phishing emails to obtain login credentials
Security firm ESET has reported the discovery of a new and sophisticated banking trojan targeting the online banking users in Europe and Asia. The potent banking trojan, known as Hesperbot is detected as Win32/Spy.Hesperbot has features such as keylogging, video capture and setting up a remote proxy. It also attempts to infect mobile devices running Android, Symbian and Blackberry operating systems.
“Analysis of the threat revealed that we were dealing with a banking Trojan, with similar functionality and identical goals to the infamous Zeus and SpyEye, but significant implementation differences indicated that this is a new malware family, not a variant of a previously known Trojan,” explained ESET malware researcher, Robert Lipovsky.
The attackers aim is to obtain login credentials by sending emails seeming to originate from credible organizations and getting victims to install a mobile component of the malware on their smartphome.
The campaign was first detected in Czech Republic on August 8 where the attacker lures potential victims to open the malware by sending phishing emails resembling parcel tracking system by the country’s postal service. Czech Postal Service responded very quickly by issuing a warning about the scam on their website.
A special variant of the malware has been created in the U.K., but ESET is unable to provide any further details.