A Canadian security firm warns that just because your antivirus scans turn up no threats, it doesn’t always mean your system is clean.
Toronto-based Akouto says it has found a sharp increase in new strains of malware capable of slipping past most off-the-shelf security software. The majority of the attacks, it says, are aimed at stealing bank information and enabling hackers to make unauthorized withdrawals.
The malware, known as the Heodo Banking Trojan, was first detected back in March. The hackers who created it designed it to steal passwords and online banking log-in information so they could then transfer money from the victims to themselves.
Computers get infected when a user clicks on a link or PDF that is disguised as some type of important document, such as an invoice. Since it arrives in an email that appears to be from a known contact, targets are more likely to click on it.
Uses contacts to spread the malware
If a target does click, the Trojan searches the victim’s contacts and copies other email addresses. This allows it to send messages that appear to come from the victim and quickly spread the malware.
If the infected computer is connected to a network, the malware will also infect connected devices by exploiting a flaw in how the computers share information.
“The creators of this malware spliced the code of a Trojan with that of a Worm to create a hybrid capable of stealing information, self-replicating and mutating,” Dominic Chorafakis, Akouto’s founder, told ConsumerAffairs.
Chorafakis says the malware uses its Trojan DNA to collect sensitive information from the victims that is transmitted back to the hackers.
“Using its Worm DNA it burrows through networks spreading to other computers, stealing more information and spreading even further,” Chorafakis said.
Hard to detect
Unfortunately, this hybrid is hard to detect. Chorafakis says it uses something called a crypter that shields it from antivirus products. Undetected, it embeds itself in other software on the infected computer, setting up links back to command-and-control servers to download additional instructions, all the while making mutated copies of itself on the infected system.
Most of Akouto’s work is directed at helping business clients, but Chorafakis says this mutant malware also poses a threat to individual computer users.
“The majority of attacks are not at all selective,” he said. “Hackers cast a wide net to infect as many systems as possible with the goal of encrypting the user’s files for ransom, stealing banking and credit card information, or turning the computer into a zombie that secretly joins a Botnet.”
Even though this particular malware was able to slip past standard antivirus software, Chorafakis says all computer users should install an antivirus program and keep it up to date. If malware manages to initially evade detection, Chorafakis says it’s only a matter of time before antivirus vendors update their software, which will then be able to detect and remove the malware.
Chorafakis says consumers can also protect themselves by learning about cyber threats and how to avoid them. He suggests keeping all software up to date and backing up important files.
In today’s world, he says, it’s not a matter of if your computer will be infected, but when.