Terdot, a sophisticated banking trojan built on the infamous Zeus trojan, has gained new features that allow its operators to track and modify user posts on Facebook and Twitter and to intercept personal messages.
Security researchers discovered the Terdot trojan’s activity in 2016. The banking trojan attacked users mainly in the US, Canada, Britain, Germany and Australia. The malware has a number of functions, including the ability to perform “Man-in-the-Middle” attacks, infect websites with malicious code, and steal sensitive information from web browsers, including logins/passwords and credit card data.
According to Bitdefender experts, the new version of the Terdot trojan has expanded capabilities that allow cybercriminals to spy on a victim’s entire online activity. The malware is now able to exploit social media accounts for further data theft.
Once Terdot receives an appropriate command, it can post malicious links to copies of itself from the victim’s Facebook and Twitter accounts in order to spread to other users. In addition, the Terdot trojan is able to steal the victim’s credentials and cookies. The trojan’s operators use this information for various purposes. For example, they can resell access to social network accounts on the darknet.
Notably, the Terdot trojan attacks various social media platforms but not the popular Russian “VKontakte” network, which may indicate that the trojan’s authors are of Eastern European origin.
The trojan is distributed through phishing emails containing a download link to a malicious PDF document. Once the file is downloaded to the victim’s system, Terdot infiltrates the browser processes to intercept web traffic. It can also download additional spyware to extract data and send it to its C&C servers.
The new features bring the Terdot trojan to a new threat level, turning it into a powerful espionage tool that is difficult to detect and remove from the system.