Corkow Trojan Targets Bank Customers, Bitcoin Owners and Android Developers

Geographical distribution of Corkow infections

Security researchers from ESET have been monitoring the activities of a banking Trojan that appears to be used by cybercriminals to target people in Russia and Ukraine. The threat, Win32/Corkow, is primarily a banking Trojan, but it has several noteworthy capabilities.

According to experts, the threat is modular, which means that its creators can extend its capabilities by using various plugins.

Corkow can log keystrokes in an effort to steal passwords, grab screenshots, and inject phishing pages to trick users into handing over their personal and financial information. Other modules allow cybercriminals to install the Pony password-stealer and harvest browsing history.

Even more notable is the Trojan’s interest in login credentials for Bitcoin websites, and in the computers of Android developers who publish their applications on Google Play.

Experts say there was an 8-month period in 2012 in which the malware lay dormant, but after that, it was brought back to life.

ESET will publish additional technical details on the Corkow malware next week. In the meantime, you can check out the company’s blog post on this banking Trojan.

