Kronos Banking Trojan Evolves to Osiris

This article is about the newest iteration of the Kronos Banking Trojan and what new features it brings to the cybersecurity landscape. Malware researchers ponder whether the malware has developed into the new Osiris Trojan horse.

Kronos Banking Trojan 2018 – New Campaigns

Malware researchers from Proofpoint Security have been keeping close track of the activity surrounding the Kronos Banking Trojan. Over the past few months, these researchers have concluded that multiple campaigns for this specific malware have been targeting particular parts of the world as a sort of test. April marks the first appearance of the new campaigns.

Proofpoint states that the major change in the code of Kronos is that the old C&C (Command and Control) servers are no longer used. Instead, the TOR network is used to host the new C&C control panels. The first sighting of this new feature occurred earlier in 2018, more specifically in April.

Since then, three major campaigns have been distinguished according to the country they impacted: Germany, Japan, and Poland, respectively. German users were targeted between June 27th and June 30th. This email campaign featured malicious documents containing macro scripts that downloaded Kronos, targeting a few different financial institutions.

The second campaign involved a malvertising chain that utilized the payload of the ZeuS Trojan Virus but ultimately loaded the new version of Kronos. Japanese users reported the attack on the 13th of July.

The third and latest distinct email campaign was observed two days after the Japanese reports, this time with Poland as the primary target. Emails contained fake invoices, such as “Faktura 2018.07.16(Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | authored by Tsetso Mihailov. Read the original post at: