{"id":10576,"date":"2017-11-22T11:10:42","date_gmt":"2017-11-22T19:10:42","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/11\/22\/news-4348\/"},"modified":"2017-11-22T11:10:42","modified_gmt":"2017-11-22T19:10:42","slug":"news-4348","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/11\/22\/news-4348\/","title":{"rendered":"Terdot Trojan likes social media"},"content":{"rendered":"

Credit to Author: Pieter Arntz| Date: Wed, 22 Nov 2017 18:47:17 +0000<\/strong><\/p>\n

We usually advise people that have fallen victim to banker Trojans to change all their passwords, especially the ones that are related to their financial sites and apps. Besides the dangers of re-used passwords, there are other reasons why this is important. This advice is especially applicable to a Trojan making the rounds called Terdot.<\/p>\n

Our friends at Bitdefender wrote a\u00a0white paper<\/a>\u00a0about the Terdot Trojan that shows how this offspring of Zeus can not only monitor and modify your Facebook, Twitter, YouTube, and Google Plus traffic, but also spy on webmail platforms like\u00a0Microsoft\u2019s live.com login page,\u00a0Yahoo Mail, and Gmail.<\/p>\n

Hasherezade<\/a>\u00a0already saw this coming at the start of this year\u00a0when she warned us that Terdot spies and also modifies the displayed content by \u201cWebInjects\u201d and \u201cWebFakes.\u201d<\/p>\n

The Terdot Trojan is both spread by email, using infected attachments, as well as by the Sundown exploit kit<\/a>. It uses a complex method to download and activate the malware on the targeted system, most likely to throw security researchers off the scent. Once established, it uses its own security certificate<\/a>\u00a0to bypass TLS restrictions and set up a\u00a0man-in-the-middle (MitM)<\/a>\u00a0proxy.<\/p>\n

This Terdot variant only targets Windows systems that don’t run a Russian operating system. Its main targets are in the US, Canada, the UK, Germany, and Australia. The added functionality for social media might be used in different ways.\u00a0Bogdan Botezatu, Senior e-Threat Analyst at Bitdefender, told ZDNet:<\/a><\/p>\n

\n

“Social media accounts can be also used as a propagation mechanism once the malware is instructed to post links to downloadable copies of the malware. Additionally, the malware can also steal account login information and cookies, so its operators can hijack the social network account and re-sell access to it, for instance,”<\/p>\n<\/blockquote>\n

Malwarebytes detects the installers as Trojan.Terdot:<\/p>\n

\"detection\"<\/p>\n

And blocks the download URLs:<\/p>\n

\"blocked<\/p>\n

Stay safe out there and get protected.<\/p>\n

The post Terdot Trojan likes social media<\/a> appeared first on Malwarebytes Labs<\/a>.<\/p>\n

https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Pieter Arntz| Date: Wed, 22 Nov 2017 18:47:17 +0000<\/strong><\/p>\n\n\n\n
<\/a><\/td>\n<\/tr>\n
The Terdot Trojan is a banker, but it loves to steal your social networks credentials as well.<\/p>\n

Categories: <\/p>\n