Kaspersky detects NukeBot versions

KASPERKSY Lab ZAO has announced in mid-July that it has detected new versions of a banking Trojan virus called NukeBot.

While recent samples of this computer virus seemed to pose no danger, the firm’s experts have recently uncovered some that are capable of breach.

“There are already a number of compiled samples of this Trojan in the wild—shared on underground hacking forums,” Kaspersky Lab said on July 24. “Most of these are rough, barely operational malware drafts; however, the company’s experts have managed to identify some that pose real threat.”

The Russian cybersecurity firm claimed that around 5 percent of all the samples it found new “combat versions” of the NukeBot. These samples show upgraded codes and abilities for attack.

“Among other things, these versions contain injections—specific pieces of code, which mimic parts of user interface of real online banking services,” Kaspersky Lab explained.

The behavior of the NukeBot’s new versions, based on injections analysis, seems  to be targeting users of a number of French and US banks, the cybersecurity firm noted.

The NukeBot breaches the target by injecting a malicious code into the online banking service’s Web page and steals the user’s data.

“Although the appearance of a malware family in the wild is not unusual, the fact that criminals have a ready-to-attack version of the Trojan, means that, soon, they may initiate a wide-scale malicious campaign to infect multiple users,” Kaspersky Lab said.

The people behind the new versions of this Trojan do not distribute the NukeBot at this point in time, explained Sergey Yunakovsky, Kaspersky Lab security expert.  However, the situation may change soon.

“We’ve already seen this before with some other malware families: After a short testing period of a ready-to-attack malware, criminals start distributing it widely through infected web sites, spam and phishing,” he said. “So far, we have seen NukeBot versions [that] are ready to attack the customers of at least six banks in France and the US.”

These banks could only be just the beginning of more attacks, Yunakovsky noted.