Kaspersky Lab researchers have found a new malware called NukeBot, which contains a code designed to steal online banking customer information from specific banks, mainly from France and the United States.
The global security company found that the malicious code “injects” into online banking webpages, stealing user data and credentials.
The Trojan was recently known to security industries as TinyNuke, although criminals now have a “ready-to-attack” version, which might affect a wide-scale malicious campaign, according to a Kaspersky Lab analysis.
Kaspersky Lab found 5% of NukeBot’s new ‘combat versions’, which have helped attacking capacities and source codes, which included specific pieces of code that copies user interface of real online banking services.
‘Infected websites, spam and phishing’
Security Expert at Kaspersky Lab, Sergey Yunakovsky, said: “While criminals behind recent version of this malware currently are not actively distributing NukeBot, this may, and likely will, change very soon. We’ve already seen this before with some other malware families: after a short testing period of a ready-to-attack malware, criminals start distributing it widely through infected websites, spam and phishing.
“So far we have seen NukeBot versions which are ready to attack the customers of at least six banks located in France and the US, however this list of targets looks like only the beginning. The goal of our brief research is to warn the banking community and online banking customers about a potentially emerging threat. We urge interested parties to use the results of our research in order to protect themselves from this threat in advance.”
Several NukeBot modifications were also found that didn’t have web injection functionality, created to steal browser passwords and clients mail.
Written by Leah Alger