
Silent Night Zeus financial botnet sold in underground forums

May 24, 2020

Researchers have revealed the existence of a botnet based on the Zeus banking Trojan that is being sold in underground forums.

On Thursday, Malwarebytes and HYAS published a paper (.PDF) documenting Silent Night, a relatively new botnet being distributed via the RIG exploit kit and COVID-19 spam. 

The source code of the Zeus banking Trojan was leaked in 2011. Multiple variants — often coming under the Terdot Zbot/Zloader umbrella — have been developed and released since.

Over the past few months, another variant of Zeus — known as Zeus Sphinx — has been making the rounds in campaigns designed to capitalize on the fear of COVID-19. This malware strain has been spotted in scams ranging from emails promising COVID-19 financial relief to attacks against banks. 

The cybersecurity researchers said that the “Silent Night” Zbot, perhaps named in reference to a weapon mentioned in the 2002 movie xXx, appears to have been developed recently, with version 1.0 timestamped in November 2019. 

Around the same time, a Russian exploit forum user called “Axe” announced the development of the variant, describing the malware as the result of over five years of work. The botnet comes with a stiff price tag of $4,000 per month for a custom build and $2,000 per month for a standard option, with extras offered for hundreds of dollars on top of these subscriptions.

The developer has been connected to Axe Bot 1.4.1, which shares PHP prefixes with the latest botnet. 

According to Malwarebytes, Silent Night is able to grab information from online forms and perform web injections in the Google Chrome, Mozilla Firefox, and Internet Explorer browsers — Edge being the exception — and the malware is also compatible with all operating systems.

The Silent Night Zeus variant is also able to perform keylogging, grab screenshots at a size of 400×400 based on mouse clicks, steal cookies, and harvest passwords from Chrome. Web injections can be used to hijack a user’s session and send them to malicious domains, or to grab the credentials required to access online banking services.

Stolen information is then transferred to the operator’s command-and-control (C2) server.

The developer claims that an original form of obfuscation is in use, with decryption only performed “on demand.” An open directory found in a Silent Night sample described how to set up the malware’s control panel, including minimum configuration requirements of at least 2GB RAM on a Linux machine. 

The researchers say that there are C2 similarities between Silent Night and Terdot, but Sphinx is likely based on an “unrelated fork of Zeus” due to major differences in coding. 

At the time that Malwarebytes’ report was published, researchers from Proofpoint also released information on a ZLoader variant being actively spread across the US, Canada, Germany, Poland, and Australia via invoice and coronavirus-based phishing campaigns.

Credit: Zdnet
