Security Affairs
Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)|Fake VPN and 7-Zip Apps Turn Victims Into Residential Proxy Nodes|Ubiquiti Patches Critical UniFi OS Flaws Allowing Command Injection and Privilege Escalation|A Hacker Claims 35 GB of Accenture Source Code. The Company discloses the data breach|Telegram-Hosted RedWing Malware Lets Anyone Rent Android Spyware Tools|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)|Fake VPN and 7-Zip Apps Turn Victims Into Residential Proxy Nodes|Ubiquiti Patches Critical UniFi OS Flaws Allowing Command Injection and Privilege Escalation|A Hacker Claims 35 GB of Accenture Source Code. The Company discloses the data breach|Telegram-Hosted RedWing Malware Lets Anyone Rent Android Spyware Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Terdot Banking Trojan is back and it now implements espionage capabilities

The Terdot banking Trojan isn’t a novelty in the threat landscape, it has been around since mid-2016, and now it is reappearing on the scenes. According to Bitdefender experts, vxers have improved the threat across the years, implementing credential harvesting features as well as social media account monitoring functionality. The Terdot banking Trojan is based on the Zeus […]

Terdot banking Trojan

The Terdot banking Trojan isn’t a novelty in the threat landscape, it has been around since mid-2016, and now it is reappearing on the scenes.

According to Bitdefender experts, vxers have improved the threat across the years, implementing credential harvesting features as well as social media account monitoring functionality.

The Terdot banking Trojan is based on the Zeus code that was leaked back in 2011, the authors have added a number of improvements, such as leveraging open-source tools for spoofing SSL certificates and using a proxy to filter web traffic in search of sensitive information.

Terdot is a complex malware. Its modular structure, complex injections, and careful use of threads make it resilient, while its spyware and remote execution abilities make it extremely intrusive.” states the report published by BitDefender.

The ability of the Trojan in powering man-in-the-middle attacks could be exploited also to manipulate traffic on most social media and email platforms.

The Terdot banking Trojan implements sophisticated hooking and interception techniques, experts highlighted its evasion capabilities.

The banking Trojan is distributed mainly through compromised websites hosting the SunDown Exploit Kit. The Bitdefender researchers observed crooks spreading it through spam emails with a bogus PDF icon button which, if selected, executes JavaScript code that drop the malware on the victim’s machine.

Terdot banking Trojan

Once installed on the victim’s machine, the Terdot banking Trojan downloads updates and commands from the C&C server, the URL it the same it sends system information to. The Trojan also used a Domain Generation Algorithm (DGA).

Terdot goes above and beyond the capabilities of a banker Trojan. Its focus on harvesting credentials for other services such as social networks and email service providers could turn it into an extremely powerful cyber-espionage tool that is extremely difficult to spot and clean,” Bitdefender concludes.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Terdot banking Trojan, malware)

[adrotate banner=”5″]

[adrotate banner=”13″]