Malicious software reinvents itself more than Madonna. What was once banking malware, has now evolved to also get your social networking and email accounts.
It is a new form of malware based on the well-known Trojan Zeus. Zeus made a lot of noise for being used to steal bank credentials and its variants attacked hundreds of banks around the world. This variant, called Terdot, like other derivatives of Zeus, attacks Windows.
Terdot, the banking Trojan that wanted to be more
Although technically a banking Trojan, Terdot , as they explain in the technical analysis of Bitdefender , can spy and modify traffic on most email platforms and social networks.
Its automatic update capabilities also allow you to download and execute any file that is requested by your operator, which means that you can continue to develop more functions.
How you get infected
The Terdot attack begins with phishing emails . The victim receives a message with a button designed to look like a PDF file . If the person clicks on the button, then javascript code is executed that allows downloading the file with malware.
To avoid being discovered by antivirus software, the malware uses a series of techniques to be downloaded in parts. Once downloaded, Terdot injects itself into the browser to read traffic and execute its code.
It is also capable of injecting spyware, and can not only spy and steal your banking information, but can monitor your social networks and your emails.
In addition to this you can use your networks as propaganda to spread, because it will use your accounts to publish links with copies of the malware for others to download.
Terdot can steal your login information and your cookies and completely hijack your accounts, you can even use this to ask for a ransom, or sell them to someone else.
How do you protect yourself
Although Terdot is extremely efficient at stealing credentials and then hiding your activity, your gateway is through a phishing attack, that is, they have to trick you first to click on something you should not .
You can receive an email or a message through your social networks with a supposed PDF or other type of file. This is a very common practice, and although in your inbox there is antispam and antiphishing technology, if a message of these sneaks in, the only barrier that remains is you.
Avoid clicking on suspicious links, especially if they come from an unknown sender. In case you receive messages with links from your contacts, and you were not waiting for them, ask that person first to see if they really sent you those or not.
Many people do not notice that their accounts have been attacked and have been sending messages to their contacts full of malware. The same counts for your own accounts, if you have already been infected, the malware may have been sending messages to your contacts.
Update your antivirus, reset your browser completely, change your passwords, use two-step verification (especially important, because even if your credentials are stolen, they will still not have the second step in their hands), and do not be a happy trigger when it comes to click.
