Citadel Trojan Description
The Citadel Trojan – A Version of the Infamous ZeuS Trojan
The Citadel Trojan first started making its rounds in early 2012 and appeared to have the same abilities as the infamous ZeuS Trojan. The ZeuS Trojan is one of the most notorious Trojan infections of the last decade. It has been known to steal banking information such as account numbers and passwords, and it has been linked to some of the most important botnets in recent years. Because of this, any sign of the Citadel Trojan on your computer system should be cause for concern. Apart from treating the Citadel Trojan infection, ESG security analysts strongly recommend ensuring that your online bank accounts have not been compromised.
The Malware Makers Behind the Citadel Trojan Focus on Customer Service
It may sound strange, but support and customer service are also an important part of the hacking community. Criminals do not create malware like the Citadel Trojan in a vacuum. They can earn quite a lot of money by selling their malware creations to other criminals, who can then use botnets and phishing scams to attempt to steal people’s banking credentials. After scouring forums and seedy websites linked to criminal activity, ESG malware analysts suspect that the Citadel Trojan was created as a ‘customer service’ oriented version of the ZeuS Trojan. One particularly clever aspect of the Citadel Trojan is that it is designed not to attack computers with a Cyrillic keyboard (thus ensuring that the Russian or Ukrainian authorities will not see the Citadel Trojan as a local threat).
The Citadel Trojan May Be the ZeuS Trojan’s First Direct Descendant
Since 2011, when the source code for the ZeuS Trojan was released and made publicly available, ESG security researchers have been concerned that various copycat infections may spring up, improving on the original and making this malware threat even more difficult to remove. The Citadel Trojan may be this dreaded descendant of the infamous banking Trojan. The creators of the Citadel Trojan advertise it as containing various improvements and bug fixes, as well as being able to attack various web browsers more effectively than before. The Citadel Trojan also contains a component that can record its victim’s activity and send a video of the victim’s screen to a remote server, where the video can then be viewed.
How Can You Detect Citadel Trojan?
Citadel Trojan Removal Details
Citadel Trojan creates the following files in the system:
- %UserProfile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dll.lnk
- %UserProfile%\Start Menu\Programs\Startup\.dll.lnk
- %AllUsersProfile%\Application Data\Citadel Trojan
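
A read-only check for the three paths listed above, meant for an elevated PowerShell session. It is an added example, not a tool from the original page. It goes beyond the current account by expanding %UserProfile% for every profile registered on the machine (an assumption about scope), and it reports the target of any .lnk it finds, since a Startup shortcut only points at the file that runs at logon.

```powershell
# Added example (not from the original page). Read-only: it lists, never deletes.
# The three patterns are copied verbatim from the list above.
$indicators = @(
    '%UserProfile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dll.lnk',
    '%UserProfile%\Start Menu\Programs\Startup\.dll.lnk',
    '%AllUsersProfile%\Application Data\Citadel Trojan'
)

# Assumption: every profile registered in ProfileList is in scope, not only
# the account running the script.
$profileList  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$profileRoots = @(Get-ChildItem -Path $profileList |
    ForEach-Object { (Get-ItemProperty -Path $_.PSPath).ProfileImagePath } |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) })

function Resolve-Indicator {
    param([string]$Pattern, [string[]]$ProfileRoots)
    $prefix = '%UserProfile%'
    if ($Pattern -like "$prefix*") {
        # Per-user indicator: yield one candidate path per profile directory.
        $tail = $Pattern.Substring($prefix.Length)
        foreach ($root in $ProfileRoots) { $root + $tail }
    } else {
        # Machine-wide indicator: normal environment expansion is enough.
        [Environment]::ExpandEnvironmentVariables($Pattern)
    }
}

$shell = New-Object -ComObject WScript.Shell
$hits = foreach ($pattern in $indicators) {
    foreach ($path in Resolve-Indicator -Pattern $pattern -ProfileRoots $profileRoots) {
        # -Force so hidden or system-flagged files are still returned.
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        # For a shortcut, record what it launches; $null for anything else.
        $target = if ($item.Extension -eq '.lnk') { $shell.CreateShortcut($item.FullName).TargetPath }
        [pscustomobject]@{
            Indicator   = $pattern
            Path        = $item.FullName
            CreatedUtc  = $item.CreationTimeUtc
            ModifiedUtc = $item.LastWriteTimeUtc
            LnkTarget   = $target
        }
    }
}

if ($hits) { $hits | Format-List } else { 'No listed artifacts found in any profile.' }
```

An empty result only means these three paths are absent; it does not show the machine is clean.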