"Beta Bot" marks the latest banking malware to hit the online underground

Fraudsters are shopping around malware that's been repurposed to carry out financial fraud and provide root access to infected machines.

Limor Kessem, a cyber crime and online fraud expert at RSA's FraudAction Research Lab, divulged the details of a trojan called “Beta Bot” in a Wednesday blog post.

Crooks began selling Beta Bot in January on underground online forums where malware is peddled.

The trojan ended up on the radar of RSA researchers when they detected that about 20 victims, primarily in the United States, had been infected. Beta Bot sniffs out sensitive login and financial information entered by users in webmail programs and payment and gaming platforms. RSA also discovered that attackers aimed to steal user data from websites for online banking and retailers.

Kessem told SCMagazine.com on Wednesday that Beta Bot's creator is likely a skilled programmer who may be new to malware development, particularly in coding financial trojans.

Before releasing the trojan, the developer spent 18 months repurposing a simple piece of malware so that it could be used for financial fraud, Kessem said.

Once an HTTP bot capable of carrying out automated tasks from a command-and-control server, Beta Bot now has been packaged with a rootkit, which blacklists compromised machines from visiting security websites and offers a “kill switch” to disable competing malware on the machine.

According to Kessem, Beta Bot steals data, such as bank login credentials, by capturing victims' HTTP requests, but the developer likely aims to add newer banking trojan features, like man-in-the-browser capabilities that offer attackers a more automated way to pilfer information.

Currently, the trojan is being sold for anywhere between $320 and $500 on the black market.

[This story was clarified to convey how the trojan steals data from users.]