Peaches
Posted March 8, 2011

More on the Tatanga Banking Trojan

Since the Tatanga Trojan (TSPY_PINCAV.GEK) made it to the news last week (thanks to the terrific work of the fellows at S21Sec), the Trend Micro Research has been hard at work to find out more about this malware. Luckily, we managed to obtain access to a command-and-control (C&C) server, giving us the opportunity to gather some thoughts on this new malware family:

- Although TSPY_PINCAV.GEK/Tatanga is mainly a banking Trojan, it gathers all sorts of web tracking logs, including passwords. It's unusually verbose. Some web logs for a single client take hundreds of MBs.
- TSPY_PINCAV.GEK/Tatanga is capable of hijacking the user's banking session to automatically transfer money to mules. Not only does it capture the credentials of users logging into banking sites but it also makes videos. This way if someone is using an out of band storage utility for his/her passwords, then the criminals running the botnet would be able to see it. The botnet master can set up multiple mule accounts and specify how much to transfer and when.
- It can also arrange Distributed Denial of Service attacks for a specified amount of time against a list of targets.

More plus screenshots - http://blog.trendmicro.com/