The Silent Night threat is a newly spotted banking Trojan that appears to be very similar to the Zeus banking Trojan – one of the most popular threats of this type. Malware experts spotted an advertisement for the Silent Night threat posted on a Russian hacking forum. The advertisement was only available in Russian, so its creators are likely targeting cyber crooks in the Russian region who may be interested. However, the Silent Night malware is not a cheap hacking tool – a one-month subscription costs around $4,000. A threat priced as high as the Silent Night tool is likely to attract the attention of cybercrime organizations mainly.
Why the Silent Night Trojan is So Well-Accepted by Cybercriminals
The Silent Night banking Trojan is a state-of-the-art threat. This hacking tool has a modular structure and a very extensive list of features. According to one of the authors of this tool, nicknamed ‘Axe,’ the Silent Night project took over five years to complete.
According to cybersecurity experts, several threat actors have already been spotted distributing the Silent Night banking Trojan. It would appear that despite the high price, the Silent Night Trojan is attracting a lot of attention in the world of cybercrime. One of the aforementioned campaigns was carried out with the help of the RIG Exploit Kit, while all the rest relied on phishing emails. The emails in question covered a variety of topics, including:
- The Coronavirus pandemic: a spam email campaign that relied on corrupted attachments and took place in March 2020.
- Bogus VBS (Visual Basic Script) attachments, which were designed to appear as genuine document files that need urgent review.
- Fake Microsoft Excel spreadsheets, which carried the corrupted payload of the Silent Night banking Trojan.
Silent Night’s Numerous and Threatening Features
Since the Silent Night Trojan has a modular structure, its operators are able to expand its features swiftly to weaponize it further or shrink its features to help it remain under the radar of security measures. Some of the Silent Night banking Trojan features include:
- A keylogging module.
- A data-collecting module designed to fetch information from popular Web browsers.
- A cookie-collecting module, which is compatible with Mozilla Firefox and Internet Explorer.
- A password-collecting module that collects login credentials from Google Chrome.
- A Hidden VNC (Virtual Network Computing) client.
- A phishing module that displays a fake overlay designed to trick users into filling in their banking details and credentials.
- A screencap module that is able to take screenshots of the user’s desktop and active windows.
The Silent Night banking Trojan is a very serious threat, which is likely to be further weaponized in the future. To protect your system from malware, make sure to obtain a reputable anti-virus suite, and always update all your applications regularly.