Security researchers from ESET have been monitoring the activities of a banking Trojan that appears to be used by cybercriminals to target people in Russia and Ukraine. The threat, Win32/Corkow, is primarily a banking Trojan, but it has several noteworthy capabilities.
According to experts, the threat is modular, which means that its creators can extend its capabilities by using various plugins.
Corkow can log keystrokes in an effort to steal passwords, grab screenshots, and inject phishing pages to trick users into handing over their personal and financial information. Other modules allow cybercriminals to install the Pony password-stealer and harvest browsing history.
Even more notable is the Trojan’s interest in login credentials for Bitcoin websites and in the computers of Android developers who publish their applications on Google Play.
Experts say there was an 8-month period in 2012 in which the malware lay dormant, but after that, it was brought back to life.
ESET will publish additional technical details on the Corkow malware next week. In the meantime, you can check out the company’s blog post on this banking Trojan.