New Trojan threatens users’ bank accounts

February 12, 2016

Banking Trojans are considered to be one of the most dangerous threats. Not only do they have a complex architecture, but they are also capable of performing a wide variety of functions. Yet some attackers do not disdain to contrive rather primitive malicious programs, such as Trojan.Proxy2.102, which was examined by Doctor Web specialists.

Trojan.Proxy2.102 steals money from victims’ bank accounts using the following method. Once launched, it installs a root digital certificate and changes the Internet connection settings, specifying a proxy server that belongs to the virus makers.


From then on, all requests to the webpages of online banking systems go through this proxy server. The proxy is also used to inject arbitrary content into these websites when a user opens them on the infected computer. As a result, the victim is tricked into transferring money from their accounts to the cybercriminals’. Trojan.Proxy2.102 can modify the content of such online banking systems as online.sberbank.ru, online.vtb24.ru, and online.rsb.ru. Installing the bogus digital certificate first, which is used to sign the corresponding webpages, allows the Trojan to conceal its presence from the user for as long as possible.


If the installation procedure is successful, the malicious program reports this event to the server. Since the Trojan does not register itself in autorun, it enters an infinite sleep mode once all its malicious functions have been performed.
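A host can be checked for the two changes described above: the proxy in the Internet connection settings and the added root certificate. The PowerShell script below is an added example, not Doctor Web's code. It assumes a Windows host where the current user's WinINET proxy settings and the standard certificate stores are the ones affected; the `$ExpectedProxy` and `$BaselineFile` parameters and the baseline file name are hypothetical.

```powershell
# Added example (not from the article). Assumptions: Windows host, per-user
# WinINET proxy settings, standard certificate stores. Parameter names and
# the baseline file are hypothetical.
param(
    [string[]]$ExpectedProxy = @(),                   # proxy/PAC values your organisation really uses
    [string]$BaselineFile = '.\root-thumbprints.txt'  # one known-good root thumbprint per line
)

# 1. Proxy entries in the current user's Internet connection settings.
$key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $key
$configured = @()
if ($inet.ProxyEnable -and $inet.ProxyServer) { $configured += $inet.ProxyServer }
if ($inet.AutoConfigURL)                      { $configured += $inet.AutoConfigURL }
$unexpectedProxy = @($configured | Where-Object { $_ -notin $ExpectedProxy })

# 2. Trusted root certificates, machine-wide and for the current user.
$baseline = @()
if (Test-Path $BaselineFile) {
    $baseline = @(Get-Content $BaselineFile |
        ForEach-Object { $_.Trim().ToUpper() } | Where-Object { $_ })
}
$machine       = @(Get-ChildItem Cert:\LocalMachine\Root)
$user          = @(Get-ChildItem Cert:\CurrentUser\Root)
$machineThumbs = @($machine | ForEach-Object { $_.Thumbprint })

$roots = foreach ($c in (($machine + $user) | Sort-Object Thumbprint -Unique)) {
    [pscustomobject]@{
        Thumbprint = $c.Thumbprint
        Subject    = $c.Subject
        NotBefore  = $c.NotBefore
        # Trusted for this user but not machine-wide
        UserOnly   = $c.Thumbprint -notin $machineThumbs
        InBaseline = $c.Thumbprint -in $baseline
    }
}

# Review list: user-only roots, plus anything missing from the baseline
# when a baseline file was supplied.
$reviewRoots = @($roots | Where-Object {
    $_.UserOnly -or ($baseline.Count -gt 0 -and -not $_.InBaseline)
})

"Unexpected proxy entries: $($unexpectedProxy.Count)"
$unexpectedProxy
"Root certificates to review: $($reviewRoots.Count)"
$reviewRoots | Format-Table Thumbprint, Subject, NotBefore, UserOnly -AutoSize
```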

Dr.Web successfully detects and removes Trojan.Proxy2.102, and, therefore, this malicious program poses no threat to our users.
