Citadel trojan uses child porn scare to extort cash

Share this article:

The banking trojan Citadel, which is a variant of the insidious Zeus malware, now is being used to trick users into believing they have violated U.S. law and must pay a fine to unfreeze their computers, according to federal task force warning issued Wednesday.

Victims are lured into visiting a drive-by download site, which installs what is known as scareware, said an alert from the Internet Crime Complaint Center, which is made up of the FBI, National White Collar Crime Center and Bureau of Justice Assistance.

This scam software, dubbed Reveton, freezes the user's computer and prompts a pop-up that falsely informs the user they have violated federal law by visiting child pornography sites. To unlock their computer, victims are told they must pay a $100 fine to the U.S. Department of Justice.

The malware authors leverage the user's IP address to offer them online payment methods which they are familiar with and work in their country.

In the meantime, Citadel, which uses a social networking-type structure so its purveyors can communicate, remains on the victim's machine and is capable of stealing banking credentials.

Share this article:

Sign up to our newsletters

More in News

Instagram iOS and Android apps vulnerable to session hijacking

Two researchers wrote about the Instagram app for iOS and Android is vulnerable to session hijacking because both send unsecured information through HTTP.

Report: Hackers stole data from Israeli defense firms

A report by Brian Krebs detailed the intrusions, which occurred between Oct. 2011 and Aug. 2012.

Neverquest trojan targets regional banks in Japan

Symantec researchers found a new variant of the banking trojan.