Terdot, a new trojan horse based on the infamous Zeus malware, has been identified by security researchers. And according to Bitdefender, the trojan not only hacks banking and credit card information like its predecessors, but has the capacity to hack into email and social media. The current iteration comes loaded to obtain access to the user’s Gmail, Facebook, Twitter, and Yahoo accounts, and even modify traffic to and from the websites.
What’s more problematic, according to Hackread, is that the Terdot trojan also carries the ability to automatically modify and update itself, which means that it has the ability to download and run any executable file whenever the trojan’s operator requests it. This could potentially allow the trojan to avoid detection by virus scanners, or even load new capabilities or other virus programs.
Terdot is described as an extremely complex malware which builds on the legacy of Zeus, which became widespread in 2009 and infected an estimated 3.6 million PCs in the United States at its peak, spreading mostly through malicious links in emails. The virus, and the hackers behind it, were finally brought down by a concentrated effort by the FBI in 2010, leading to over 100 arrests following the theft of over $70 million from victim’s bank accounts, as well as stealing login credentials for the FTP accounts of over 74,000 websites, including Bank of America, NASA, Amazon, and many more big names.
Terdot is also being delivered through infected emails, experts say, primarily through fake PDF files.
Cybersecurity experts say that Terdot could ultimately be a lot worse than Zeus if it’s allowed to spread. Owing to its primary targets in Australia, the United Kingdom, and the United States, combined with the fact that it leaves Russian social networks alone, they have also suggested that the virus might have a Russian connection.
Owing to the potential difficulty of detecting Terdot, researches have further suggested that a two-vector approach to stopping the virus may be required by institutions, not only deploying a comprehensive security package to cover cyber attack vectors, but identifying and flagging users who may be at risk of falling for phishing or man-in-the-middle attacks and reminding them not to open suspicious documents or click unverified links.
Terdot has currently been running in the wild since June, 2016, and its present spread is unknown, but suspected to still be small.
[Featured Image by Michael Bocchieri/Getty Images]