Researchers have uncovered a malware campaign which leveraged the Neverquest banking trojan to target more than 15 financial institutions in Canada.
In a Tuesday blog post, Heimdal Security revealed the latest variant of Neverquest, also known as Vawtrak, can capture videos and screenshots as well as launch man-in-the-middle attacks to steal victims’ credentials during online banking sessions.
Attackers have tried to thwart malware detection and removal attempts by using stolen credentials to log into accounts using virtual network computing, Heimdal writer Aurelian Neagu said. This tactic helps fraudsters cover their tracks, “since the connection request to the online banking account comes from the victim’s computer,” he explained.
The campaign, which spreads Neverquest via drive-by download, began approximately a month ago. Heimdal identified 15,000 infected computers, of which 90 percent were located in Canada, and added a page on VirusTotal for the variant.