
Updated Citadel Trojan Targets Password Management Software to Compromise Online Logins

Sometimes in life old things become new again. The same can be said of malware threats such as the well-known Citadel Trojan, a dangerous computer infection that can compromise online banking data. In recent findings, Trusteer, IBM's security division, reported that Citadel has new behaviors and methods for compromising an infected system by attacking password management software.

The Citadel Trojan has long been a major pest for banking institutions, much as the well-known Zeus Trojan and botnet have been for many years. Citadel can remain idle on an infected computer for weeks to years at a time before it is triggered to carry out malicious actions. It relies on its command and control (C&C) servers for the instructions or updates that direct those actions.

Because many users of systems infected with Citadel do not know the threat exists on their computer, the damage can be devastating. You can think of Citadel as a sneak attack in which the target has no clue that the threat is right in front of them. It is as if the infected computer's users have blinders on and are suddenly hit with bright light, with no time for their eyes to adjust.

The latest variation of Citadel is believed to have been updated through its C&C servers with a new configuration that allows it to attack password managers. This means the latest version of Citadel may be able to go through password management software and uncover several online passwords and login credentials at once.

Password management applications and components have several security policies and an encrypted database in place to secure password data. With Citadel's new advancements, it may be able to bypass some of those security features by capturing the master password for the software's database. Each password management application has a master password that gives users access to all of their stored login credentials. By obtaining that master password, which Citadel may do, it could give a hacker or remote attacker the means to infiltrate a system and several online accounts, sometimes including banking accounts.

Trusteer has noted a case where Citadel attempted to attack one of the machines protected by its own solutions. From the data gathered, it was apparent that the affected system had already been infected with Citadel, which is common with this Trojan, as explained earlier. So far, no one has obtained specific details about the individuals behind Citadel, as its C&C server data has been removed. It may be a case where Citadel received a quick update, and now all traces of the update have vanished until systems infected with the Trojan are attacked via new Citadel instructions. Several targeted product developers have been warned about the new risks that may be associated with a newer variation of Citadel.
