Chewbacca', a new Tor-based Banking Trojan Spotted by Researchers
ChewBacca is not first that adopt Tor for anonymity. Recently a new Zeus Trojan variant was also found in the wild that also based on Tor network and aimed at 64-bit systems.
Researchers did not told that how they discovered Chewbacca, or the extent to which it has spread, but they Found that the Malware is compiled with Free Pascal 2.7.1.
When malware is executed on the victim's windows system, it drops as spoolsv.exe in the startup folder and also drops a copy of Tor 0.2.3.25, which runs with a default listing on "localhost:9050". The Trojan then logs all keystrokes and sends the data back to the botnet controllers via Tor anonymity network.
The Malware also enumerates all running processes and reads their process memory. According to the Kaspersky researchers, The Command-and-Control server is developed using LAMP, that is based on Linux, PHP, MySQL and Apache.
The botnet's Command-and-Control server login page have an image of a character (ChewBacca) from the film series Star Wars.
The Activities of Cyber Criminal associated with the financial Trojan programs has increased rapidly during the past few months. However, the Tor-based architecture is the favorite one with Cyber criminals, to hide their bots and the botnet's Command-and-Control real location from the security researcher.
Security Researchers belonging to anti-virus firm Kaspersky Lab have Found a new Tor-based banking trojan, dubbed "ChewBacca" ("Trojan.Win32.Fsysna.fej") ,that steal banking credentials and hosted on a Tor .onion domain.
This protects the location of a server as well as the identity of the owner in most cases. Still there are drawbacks preventing many criminals from hosting their servers within Tor. Due to the overlay and structure, Tor is slower and timeouts are possible. Massive botnet activity may influence the whole network, as seen with Mevade, and therefore let researchers spot them more easily.
ChewBacca is not first that adopt Tor for anonymity. Recently a new Zeus Trojan variant was also found in the wild that also based on Tor network and aimed at 64-bit systems.
Researchers did not told that how they discovered Chewbacca, or the extent to which it has spread, but they Found that the Malware is compiled with Free Pascal 2.7.1.
When malware is executed on the victim's windows system, it drops as spoolsv.exe in the startup folder and also drops a copy of Tor 0.2.3.25, which runs with a default listing on "localhost:9050". The Trojan then logs all keystrokes and sends the data back to the botnet controllers via Tor anonymity network.
The Malware also enumerates all running processes and reads their process memory. According to the Kaspersky researchers, The Command-and-Control server is developed using LAMP, that is based on Linux, PHP, MySQL and Apache.
Chewbacca is currently not offered in public (underground) forums, like other toolkits such as Zeus. Maybe this is in development or the malware is just privately used or shared.
The botnet's Command-and-Control server login page have an image of a character (ChewBacca) from the film series Star Wars.
Cyber Criminal activity
associated with the financial Trojan programs has increased rapidly
during the past few months. However, the Tor-based architecture is the
favorite one with online criminals, to hide their bots and the botnet's
Command-and-Control real location from the security researchers
Cyber Criminal activity associated with the financial Trojan programs has increased rapidly during the past few months. However, the Tor-based architecture is the favorite one with online criminals, to hide their bots and the botnet's Command-and-Control real location from the security researchers
Cyber Criminal activity associated with the financial Trojan programs has increased rapidly during the past few months. However, the Tor-based architecture is the favorite one with online criminals, to hide their bots and the botnet's Command-and-Control real location from the security researchers
