Kaspersky Lab researchers spotted 'combat-grade' samples and other modifications to the NukeBot banking trojan, months after the malware's author released its source code in a possible attempt to restore his reputation.
It is unclear whether the combat-grade versions were created by a few motivated cybercriminals and the use of NukeBot will taper off soon, or whether the source code has fallen into the hands of an organized group, or groups, and the number of combat-grade samples is set to grow, according to a July 19 blog post.
Researchers said 2 percent to 5 percent of the samples they observed were weaponized and that the targets are presumed to be U.S. and French banks. Researchers also detected modifications to the trojan that didn't have the web injection functionality and were designed to steal mail client and browser passwords.
The samples, received exclusively within droppers, downloaded the required utilities, such as 'Email Password Recovery', from a remote malicious server after unpacking, researchers said.