loader gif

Houdini trojan hits banking customers with keylogger

Houdini trojan hits banking customers with keylogger (Malware and Vulnerabilities)

According to a blog post by researchers at Cofense, the new strain ofmalware, named WSH Remote Access Tool (RAT) by its developer, is a variant of the VBS (Visual Basic Script) based Houdini Worm (H-Worm) first created in 2013. When opened, the file attachment features a URL that directs them to a .zip archive containing the WSH RAT payload. "When executed on an endpoint, WSH RAT behaves in the same way as Hworm, down to its use of mangled Base64 encoded data. WSH RAT uses the same configuration structure that Hworm uses for this process," said researchers. The downloaded files have the .tar.gz extension but are actually PE32 executable files. There are far better ways to share files than via email - for example a company approved file sharing platform - then the URLs can also be controlled," he said.

loader gif