
Terdot Banking Trojan Updated to Perform Advanced Thievery and Manipulate Social Media Content

While there are nearly countless banking trojans on the loose, primarily designed to steal online banking login credentials, some variations, such as the Terdot trojan, have been updated to perform additional actions in their effort to intercept PC users' data.

The Terdot trojan first showed up in October of 2016, performing the same known actions as threats like Zeus, which is known to be the basis for the framework of Terdot. In recent findings, computer security experts have uncovered a newer version of Terdot that can not only pilfer login data but also manipulate traffic on many popular social media platforms, or even publish posts on behalf of the infected computer user.

Terdot spreads with the help of exploit kits

The Terdot banking trojan has been found to be distributed mostly through compromised websites via the SunDown Exploit Kit, one of the many kits of its type still used to exploit vulnerable computers around the world.

Reports out of Bitdefender have verified that Terdot is loosely based on the framework of Zeus, which had its code leaked back in 2011. Terdot intercepts social media traffic through a man-in-the-middle proxy, where the attackers secretly relay or alter the communication between the user and a known social media network, such as Twitter or Facebook.

In addition to its credential-stealing methods and its ability to publish or capture posts on social media platforms, Terdot may be able to monitor victims' online actions and potentially send the collected data to a remote attacker.

Terdot evolution could spark banking trojan uproar

The advancements found within Terdot are reminiscent of the time when banking trojans like Dridex, Gozi, and Zeus had their heyday, attacking countless systems to collect as much personal data as they could. Through various spreading methods, which aren't limited to compromised websites, Terdot may execute JavaScript code to download additional malware onto an already-infected machine.

Knowing how versatile and advanced Terdot is, computer security experts and researchers have their work cut out for them to track, and ultimately put an end to, Terdot. So far, Terdot has been responsible for attacking two major banks in the UK, according to findings revealed by IBM X-Force. Moreover, Terdot has targeted several sites in the US, many of them banks, mobile service providers, webmail sites, e-commerce sites, and payment card providers.

If we let Terdot be a lesson to us about evolving malware threats, let it teach us that banking trojans are far from dead. In fact, we suspect that threats like Terdot will continue to emerge and be more prevalent than they have ever been. Not to mention, Terdot and many other new threats will gain multiple functions, allowing the attackers at the helm to instruct the malware to hit several targets with one stone. Alongside threats like Terdot are ones like IcedID, which looks to have some of the same functionality as Terdot.

While we continue to look for and combat popular ransomware attacks, hackers are looking to shake things up a bit with new multifunction trojans, possibly to catch some of us off guard. Fortunately, the masses are continuing to stay abreast of the latest threats, which in turn will keep the computer security community on its toes to keep us all protected.
