Wednesday, December 17, 2014
Crimeware-as-a-Service Banking Malware
SophosLabs researcher James Wyke analyzed the malware family Vawtrak used primarily to steal money from victims’ banking and other financial account. The analysis indicates that the people behind the malware are running the crimeware-as-a-service, targeting specific geographic regions and institutions including Bank of America, Wells Fargo, Capital One, Citigroup, Chase, and Fidelity banks. Banks in Canada include TD Bank, Scotia Bank and Desjardins.
Sophos found Vawtrak was the second most popular malware distributed by web-based exploit kits between September-November 2014 representing 11% of all malware replacing Zbot as the leading banking malware botnet. Vawtrak operators are setting up the botnet to deliver crimeware-as-a-service, rather than following a more traditional kit-selling model that older families such as Zeus or SpyEye once employed.