A few months back we were warning web users about the rise of a new type of internet threat: Open-source malware – the Citadel Case. We explained how the Citadel Trojan can rapidly be customized and how this new development in the malware-producing industry can affect you. Now, we’re back with further, even worse, news on the matter: powerful Citadel-based attacks have been ravaging US users’ computers… and their pockets.
As if the Citadel Trojan wasn’t damaging enough as a banking Trojan alone, malware creators have partnered it up with Reveton, to hijack victims’ computers and ask for ransom in order to free them from their malicious grasp. We can only assume this partnership was made fairly easy thanks to Citadel’s open-source nature.
A bit of background on the Citadel malware…
Citadel emerged as a dangerous threat in late 2011, following the leak of the source code of Zeus, the most notorious banking Trojan in malware history. Cybercrooks grabbed the leaked code and created new strains from it; Citadel is one of them. Its main feature is the "Citadel community", where wannabe malware creators receive "technical support" and advice on developing new strains from fellow cybercrooks, should they ask for it. Hence, the open-source nature.
The fact that cybercrooks bolted Reveton onto Citadel only a few months after Citadel’s birth shows how rapidly malware can be customized.
The latest attack starring the Citadel-Reveton combo was able to:
- steal banking credentials from users
- freeze computers until victims paid a ransom.
How did it work exactly? Victims accessed sites that hosted the ransomware, which, of course, they had no idea about. Then the evil piece installed itself on their computer via a drive-by download. Once installed, it blocked their computer, and a pop-up window warned that they had violated US federal law. It also claimed that the FBI had identified their IP address and that they had visited a website with illegal content. It then asked them to pay a fine to the U.S. Department of Justice in order to unlock their computer.
Online security at risk. More malware attacks to come?
With cyber criminals working together and combining their skills to come up with new, ingenious malware attacks, with Citadel continuously evolving, and with the banking sector being heavily targeted, banking institutions and consumers alike have to put powerful security measures in place – no matter what country they’re from. Surely, the Citadel-Reveton attacks won’t be the last.
Here’s some security advice:
- Stay abreast of Citadel’s evolution, and of every banking malware, for that matter. You can start by consulting BullGuard’s Security Centre.
- Be tough – don’t fall for the scare tactic! If you ever get a message similar to the one described above, contact the state bodies named in the ill-intended message directly, through their official channels, rather than paying.
- Install proper security on your computer – an antivirus paired with a safe browsing tool should do. BullGuard Internet Security comes with both.
Ever dealt with banking malware? Do you find these security tips useful? Share your thoughts with us!