Your browser is obsolete!

The page may not load correctly.

Free trial
Dr.Web for Android

Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support

Send a message

Call us

+7 (495) 789-45-86

Forum
Profile

Back to news

New Trojan threatens users’ bank accounts

February 12, 2016

Banking Trojans are considered to be one of the most dangerous threats. Not only they have a complex architecture, but they are also capable to perform a wide variety of functions. Yet, some attackers do not disdain to contrive rather primitive malicious programs such as, for example, Trojan.Proxy2.102, which was examined by Doctor Web specialists.

Trojan.Proxy2.102 steals money from victims’ bank accounts using the following method. Once launched, it installs a root digital certificate and changes the Internet connection settings specifying a proxy server that belongs to virus makers.

screen Trojan.Proxy2.102 #drweb

From that time, all requests to webpages of online banking systems are executed using this proxy server. It is also applied to inject arbitrary content into these websites once a user opens them on the infected computer. Therefore, a victim is tricked into transferring money from their accounts to cybercriminals’. Trojan.Proxy2.102 can modify content of such online banking systems as online.sberbank.ru, online.vtb24.ru, and online.rsb.ru. An initial installation of the bogus digital certificate, which is used to sign the corresponding webpages, allows the Trojan to conceal its presence from the user as long as possible.

screen Trojan.Proxy2.102 #drweb

screen Trojan.Proxy2.102 #drweb

If the installation procedure is successful, the malicious program transmits the information about this event to the server. Since the Trojan does not register itself in autorun, it goes to an infinite sleep mode once all its malicious functions are performed.

Dr.Web successfully detects and removes Trojan.Proxy2.102, and, therefore, this malicious program poses no threat to our users.

More about this Trojan

Tell us what you think

You will be awarded one Dr.Webling per comment. To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.


Other comments

The Russian developer of Dr.Web anti-viruses

Doctor Web has been developing anti-virus software since 1992

Dr.Web is trusted by users around the world in 200+ countries

The company has delivered an anti-virus as a service since 2007

24/7 tech support

© Doctor Web
2003 — 2017

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040