New malware program hooks into networking APIs to steal banking data

Discussion in 'malware problems & news' started by ronjor, Jun 30, 2014.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,055
    Location:
    The Netherlands
    Very weird, why do these researchers say that this method is new?

    It´s actually quite popular and is being used by just about all banking Trojans like Zeus, Carberp etc. Apps like Zemana, SpyShelter, Trusteer (and a few others) all claim they are able to stop these kind of browser hooking trojans. :)
     
    Last edited: Jun 30, 2014
  3. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    To be honest I'm extremely skeptical of such claims. You can't have your data 100% encrypted, it has to be decrypted somewhere in RAM. You can make the decrypted data harder to access, e.g. through mandatory access control, or at by blocking common payload types like the aforementioned DLL injection. But you can't make the data encrypted everywhere, and you can't make it encrypted where applications won't know how to decrypt it. Encryption is not magic.

    Edit: in fact I am going to start a new thread on this.
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    It's rather simple in some cases. You just stop the malware from injecting into browser etc and ur data is safe.
     
  5. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    Right, but that is wholly different from claiming to "encrypt keystrokes between the keyboard and your applications" or whatever.
     
Loading...
Thread Status:
Not open for further replies.