The banking Trojan Neverquest has recently received a major update that makes it deadlier than before. The update lets it inject code into web pages and steal credentials by hijacking the victim's PC. Because of this update, the new strain of the malware is now being referred to as Neverquest 2. Both the first and the updated version belong to the Vawtrak family.
Neverquest was the version of the Gozi Trojan that became infamous for stealing millions of dollars from bank accounts a few years back. All this happened 3 years back. The latest version of the malware is more lethal: it has been loaded with plugins that can deliver 266 new web injections. Like its predecessor, Neverquest 2 is slated to target banks and financial websites, government agencies, online public record aggregators and payroll services. However, the new version can now also target Bitcoin commerce sites, something that was missing in the original version.
The modus operandi of Neverquest 2 is similar to that of its predecessor. Once an infected machine visits one of the pre-programmed target sites, the web injections insert extra fields into the targeted web forms and steal the sensitive credentials entered there. Neverquest 2 has received a few more updates. First, a new domain generation algorithm has been found in Neverquest 2. This algorithm enables it to produce a large number of domain names that can be used to connect to its command-and-control server. Second, the malware has been loaded with new modules that enable it to backconnect and steal certificates.
The preventive measures remain the same. Don’t fall for phishing, spear-phishing and redirection attacks. Keep your security software updated, and keep your security team informed of this new threat. It’s too early to comment on how to effectively remove the new malware because it is still in development. However, preventive measures will definitely help in keeping the threat away.