Banking Trojan Communicates Through Microsoft SQL Server

2 Min Read

Security experts have found a banking trojan originating from  Brazil which works using different methods, including unusual command and control (C&C) server and various social-engineering methods.

Malware analysts at IBM X-Force examination team, uncovered that hackers are utilizing the malware – named MnuBot – for the most part in Brazil to perform illicit exchanges on open banking sessions of victims.

“MnuBot… has the same capabilities as most RATs,” Tomer Agayev, threat research team lead at IBM security, told journalists at Threatpost. “It allows the attacker to gain remote access to the infected machine, including displaying fake windows of various banks on the victim’s machine.”

When it infects a system, MnuBot  utilizes a wise social engineering technique called a full-screen overlay form, which keeps the client waiting while the hacker commits the malicious activity.

Overlay shapes, like those utilized by numerous other malware families, are used to keep the victims from getting to their open banking sessions inside the web browser. A pop-up shows up, and in the mean time, out of sight, the attacker takes control over the attacked users endpoint and executes illegal transaction.

Agayev siad that no more information about MnuBot can be disclosed.

Source: threatpost.com

Share This Article
Leave a comment