Analysis of Banking Trojan Vawtrak

VAWTRAK is a family of online banking malware. It was first spotted in August 2013 as an information stealer. It arrived as a ZIP file attachment in socially engineered spam disguised as package delivery notifications. It stole information stored in FTP clients, as well as login credentials. In November 2013, reports of an online banking Trojan circulated in the industry due to its ability to spread rapidly in a short period of time. In May 2014, VAWTRAK was seen targeting online banking users in Japan.


Complexity of Vawtrak

Vawtrak is famous for its complexity. In January, security experts analyzed the malware code in detail. The data obtained showed that the Trojan is built in several layers which are organized by level of complexity. Vawtrak’s behavior is configured to perform complex steps – decrypt blocks of data, invoke binaries, and use the built-in rich feature set. Malicious operations are performed in the virtual memory space of the Trojan horse.

The malware also relies on deception: it drops an image file to distract the victim’s attention. While the victim’s attention is directed to the graphics file, the malware removes software protection functions and hides itself from anti-malware applications. Once Vawtrak has been deployed, it creates registry entries to ensure that it is activated when the computer is restarted.
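The registry persistence described above can be reviewed by triaging the values under an autostart key. The following is an added example, not part of the original article: it parses `reg query` text output and flags values that launch from user-writable directories or through a script/DLL host. The Run key path, the sample values and both heuristics are assumptions for illustration; the article does not name the keys Vawtrak writes.

```python
import re

# Constructed sample of `reg query` output for a per-user Run key (not from a real host).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleTray    REG_EXPAND_SZ    %ProgramFiles%\ExampleApp\tray.exe
    Updater    REG_SZ    "C:\Program Files\ExampleApp\updater.exe" /silent
    qwjxkezv    REG_SZ    regsvr32.exe /s "C:\ProgramData\qwjxkezv\qwjxkezv.dat"
    helper    REG_SZ    C:\Users\alice\AppData\Local\Temp\helper.exe
"""

# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# Assumed heuristic 1: the command line references a directory a standard user can write to.
USER_WRITABLE = re.compile(
    r"\\(appdata|programdata|temp|users\\public)\\|%(appdata|localappdata|temp|programdata)%",
    re.I)
# Assumed heuristic 2: the entry starts a generic script or DLL host rather than its own program.
PROXY_LOADER = re.compile(
    r"\b(regsvr32|rundll32|mshta|wscript|cscript|powershell)(\.exe)?\b", re.I)

def parse_run_values(text):
    """Yield (key, name, data) for every value in `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            yield key, m["name"], m["data"]

def triage(text):
    """Return (name, data, reasons) for autostart values that deserve a closer look."""
    findings = []
    for _key, name, data in parse_run_values(text):
        reasons = []
        if USER_WRITABLE.search(data):
            reasons.append("user-writable path")
        if PROXY_LOADER.search(data):
            reasons.append("launched via script/DLL host")
        if reasons:
            findings.append((name, data, reasons))
    return findings

if __name__ == "__main__":
    for name, data, reasons in triage(SAMPLE):
        print(f"{name}: {data}  [{', '.join(reasons)}]")
```

Legitimate software also starts from per-user directories, so a hit is a prompt to inspect the referenced file, not a verdict.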

The Trojan is used against social networks, retail stores and online gaming portals. Its modifications included eavesdropping on banking sessions, modifying web traffic data, overcoming encryption setups, and stealing sensitive data. Banks and financial institutions are among the biggest targets of the Trojan.

What is the impact of VAWTRAK to users and organizations?

VAWTRAK infection can lead to financial loss for users and organizations due to its information theft capabilities. Organizations have a lot more to lose as VAWTRAK’s information theft techniques can also capture critical customer data and company secrets.

How Users Can Protect Against Banking Trojans

  • Keep security, application and utility software up to date.
  • Use two-factor authentication whenever the option is available.
  • Only download apps and files from trusted sources.
  • Use a browser you trust when shopping and banking online.
  • Use all the security features offered by banks.
  • Use a password manager. Most banking Trojans can log keystrokes. By using a password manager to fill in passwords, you avoid physically typing credentials, which essentially makes a keylogger useless.
  • Compare your bank’s login screen on your computer with the same login screen on someone else’s to make sure they look the same.
  • Use traffic filtering solutions to prevent data leaks.
  • Take any security awareness training offered by your business or organization.
  • Find out how to spot phishing emails and avoid clicking on suspicious links. This is how most banking Trojans are installed.
  • Learn how to spot fake websites.

VAWTRAK has undergone noticeable improvements since it was first spotted in August 2013 as an attachment to fake shipping notification emails. Combined with the continued use and abuse of malicious macros and Windows PowerShell, cybercriminals have come up with the perfect tool to carry out their data theft routines. RAM Ultimate Antivirus protects users from this threat by blocking all associated malicious files, URLs, and spam. Users are also advised to learn to tell fake emails from legitimate ones, in this case real airline tickets and receipts from bogus ones.
