Incident Response, Malware, TDR

Fraudsters use Neverquest trojan to target Canadian banks

Researchers have uncovered a malware campaign which leveraged the Neverquest banking trojan to target more than 15 financial institutions in Canada.

In a Tuesday blog post, Heimdal Security revealed the latest variant of Neverquest, also known as Vawtrak, can capture videos and screenshots as well as launch man-in-the-middle attacks to steal victims' credentials during online banking sessions.

Attackers have tried to thwart malware detection and removal attempts by using stolen credentials to log into accounts using virtual network computing, Heimdal writer Aurelian Neagu said. This tactic helps fraudsters cover their tracks, “since the connection request to the online banking account comes from the victim's computer,” he explained.

The campaign, which spreads Neverquest via drive-by download, began approximately a month ago. Heimdal identified 15,000 infected computers, of which 90 percent were located in Canada, and added a page on VirusTotal for the variant.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.