Citadel Trojan targets password managers


Security researchers have discovered a new variant of the data-stealing Citadel Trojan that cybercriminals are using to capture users’ master passwords for a number of password management applications and other authentication programs, which may make you think twice before using one.

The Citadel Trojan has typically been used to steal online banking credentials and other financial information by masquerading as legitimate banking sites when victims open them in their local browser, a technique also known as a man-in-the-browser attack.

The malware has previously targeted users’ credentials stored in the password management applications included in popular Web browsers; third-party password managers, however, have typically not been targeted by attackers.

“[The configuration file] instructs the malware to start key-logging (capturing user keystrokes) when some processes are running,” Dana Tamir, director of enterprise security at IBM Trusteer, explains in a blog post.

It’s not clear how widespread the malware infection is, nor who is masterminding it. The crooks involved scrubbed their central command-and-control (C&C) server some time shortly before Trusteer latched onto the contagion.

“Once Citadel installs on a machine, it opens communication channels with a command-and-control (C&C) server and registers with it. The malware then receives a configuration file that tells it how it should operate,” explained Tamir.

“An analysis of the configuration file [used by this variant of Citadel] shows that the attackers were using a legitimate web server as the C&C. However, by the time the IBM Trusteer research lab received the configuration file, the C&C files were already removed from the server, so researchers were not able to identify who is behind this configuration.”

Unallocated Author

Please note that the article you are reading has an unallocated author, as the original author is no longer employed at latesthackingnews.com. This has been put in place to adhere to general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]
