Kronos Banking Trojan New Attack Campaigns on Banks
The newly evolved malware often called the "father of Zeus," is a particularly a harmful form of malicious programs which cannot go away from your system easily. Named as Kronos banking trojan, is back with several new attack campaigns to hijack your bank accounts.
Marcus Hutchins was accused of creating and updating Kronos on August 2017 in Las Vegas.
Past Attacks from Kronos Malware
Back in April 2018, cybersecurity experts detected a new malware capable enough to attack your bank accounts. They named it a banking Trojan that surfaced approximately after a year.
Back in June 2017, cybersecurity researchers spotted the first attack on German financial companies and German users. All those campaigns used malicious word documents to download it in your system and smartphone devices.
Zeus on the same side also belongs to the same trojan family which focuses on the theft of financial credentials to compromise online bank accounts, data collection and conducts identity theft on the web.
Note* Perform the given steps to SECURE your System Now!
Remove Search.umaxsrch.com from your Windows (HARMFUL!!)
STEP 1: Click to Download Malware Crusher
STEP 2: Install Malware Crusher
STEP 3: Scan and Remove all malicious Programs.
New Campaigns of Kronos
On Tuesday, a new research report revealed that the latest Kronos variant, also known as Osiris virus, was discovered as a trojan.
Three obvious, separate campaigns are already underway and attacking in Germany, Japan, and Poland via fraudulent emails and phishing campaigns.
The primary infection vector now is through malicious websites containing java scripts. These sites redirect users to the RIG Exploit Kit which distributes smoke loader responsible in downloading Kronos malware.
Additionally, the malicious emails contain crafted Microsoft Word documents and RTF attachments with macros which drop and execute blurred VB stagers. The documents also exploit CVE-2017-11882, a protective shield in the Microsoft Office against malicious programs.
The new banking malware also makes substantial use of Tor, with a command-and-control (C2) server hosted in the anonymizing networks. It now connects to multiple nodes that are located in various countries to communicate with the C2 server.
These kinds of attacks are easily avoidable if you use a robust malware removal tool.
Some versions of the trojan also support remote control through a custom LibVNCServ- er library.
Once executed on a target system, it attempts to steal data from various sources and modifies the Windows registry in order to inject malicious code into the browsers. Thus, whenever a bank domain is visited, the attack is performed.
Google, Firefox and other browser security settings will also change and could lead to the injection of browser hijackers and adware.
The malware again harvests money and data from unknown victims. Furthermore, the cyber attackers also insert hidden keystroke logger software to gain legitimate bank credentials.
Kronos banking malware also copies itself into C files
In order to hide from your eyes, the trojan save its files in
C: \Users\%\AppData\Roaming
Along with malicious DLL and continue to refine itself. The evolution of this banking trojan is not a good news for banks and customers including online banking services.
Researchers feel that these updates, Kronos return, in general, is a sign of a more significant coming from the threats to disrupt the whole online system.
To protect yourself from Kronos Banking Trojan we recommend using Malware crusher, immensely capable of scanning, detecting and deleting banking trojans, becomes fiercer in detecting keylogging, remote connections and saving your session data from being recorded.
