The SilentBanker Trojan, as its name implies, targets financial web pages, using a keylogger to steal password details. Although the Trojan itself isn’t new, there is a fresh wrinkle that makes it far more dangerous – a root kit that hides infected files when a user searches for them, according to Vnunet.
Symantec researcher , Liam O’Murchu explained:
“Whenever a user tries to view any files on the computer, the Trojan intercepts that request and removes any reference to the Trojan’s files effectively – making the files invisible.”
“The last version of Trojan Silentbanker targeted over 400 banks some of which use two factor authentication. The current version, as well as hiding itself, has also added extra protection to its configuration files in order to make it more difficult to discover which sites are being targeted.”
The two factor authentication is something banks rely on to try and stop hackers.
The new version of SilentBanker is being distributed by spam, which might prove to be very effective, given the rise in phishing attacks trying to take advantage of the current bank confusion.