Vawtrak Banking Trojan Unleashes Payload After Delivery from Spam Containing Chanitor Downloader

There are constants in life that you can guarantee will happen sooner or later, such as your lungs filling with air so you can breathe, or the earth rotating on its axis to complete one full turn in a 24-hour period. There is also a certainty that hackers will find new ways to distribute malicious Trojan horse threats, as they have with the Vawtrak Banking Trojan, which is now being delivered by the Chanitor malware downloader.

Vawtrak is a malicious Trojan horse that is known for manipulating online banking sessions, mainly for users located in Japan, in order to force a computer user into relinquishing sensitive information. That sensitive information is usually the banking account login credentials, which are randomly sent to a remote system that is controlled by cybercrooks.

According to a recent report from Sophos, the fraudulent transactions are started through a victim's computer, right in front of the user on their screen. The clever technique used by Vawtrak is able to bypass the two-factor authentication (2FA) security feature that many banking institutions use on their online banking systems. Basically, the bypass leads the online banking system to think it is dealing with a real banking session, thus allowing actions to take place on a specific banking account.

The spread of Vawtrak has drawn much suspicion as of late, as it is being delivered through Chanitor, malicious software that is used for funneling in and installing malware on a computer. Chanitor is able to play its own sneaky game by being included in spam email attachments as part of "important" messages. The spam messages in many cases claim to be voicemails, faxes or even invoices. In the end, the file turns out to be a malicious executable SCR file.
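The delivery pattern described above can be checked at the mail gateway. The following is an added example, not code from the original article or from Sophos: it flags attachments that are executables, directly or one level inside a zip archive, and notes when the message uses a voicemail, fax or invoice lure. The extension list, keyword list and sample message are assumptions constructed for illustration.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Assumed lists for this example; tune them to local mail policy.
EXECUTABLE_EXTS = (".scr", ".exe", ".com", ".pif")
LURE_WORDS = ("voicemail", "fax", "invoice")

def _is_executable(name):
    return name.lower().endswith(EXECUTABLE_EXTS)

def scan_message(raw_bytes):
    """Return (attachment_name, reason) findings for one raw message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    subject = (msg["Subject"] or "").lower()
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        lure = any(w in subject or w in name.lower() for w in LURE_WORDS)
        suffix = " with voicemail/fax/invoice lure" if lure else ""
        if _is_executable(name):
            findings.append((name, "executable attachment" + suffix))
        elif name.lower().endswith(".zip"):
            try:  # look one level inside archives for executable members
                data = part.get_payload(decode=True) or b""
                members = zipfile.ZipFile(io.BytesIO(data)).namelist()
            except zipfile.BadZipFile:
                findings.append((name, "unreadable archive"))
                continue
            findings.extend((f"{name}:{m}", "executable inside archive" + suffix)
                            for m in members if _is_executable(m))
    return findings

def build_sample(member="invoice_0215.pdf.scr"):
    """Constructed message: a zip attachment holding one harmless named file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"harmless placeholder bytes")
    msg = EmailMessage()
    msg["Subject"] = "New invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

Matching on file names alone misses renamed or password-protected archives, so a check like this belongs alongside content inspection rather than in place of it.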

Another aspect of Chanitor uncovered by security researchers is its ability to delete itself from affected computers seconds after it is downloaded. The catch is that Chanitor will quickly copy itself to a different location on the affected system's hard drive, making detection difficult. After relocation, Chanitor may then execute the copy and contact a command and control server for additional instructions to carry out on the infected system.

In light of the recent discovery of Chanitor distributing the Vawtrak banking Trojan, or the variations Backdoor:W32/Vawtrak.A, BKDR_VAWTRAK.PHY, BKDR_VAWTRAK.SM and BKDR_VAWTRAK.SMN, new strains of the malware were found to run on Windows without displaying any error messages. Previous versions of Chanitor would only run successfully in compatibility mode with administrator privileges on Windows 7. Now, Chanitor does not have any roadblocks and can run error-free, enabling hackers to exploit other malware in highly targeted attacks through clever spam email messages.