February 28, 2011

A new banking trojan with Man-in-the-Browser functions has been affecting European banks. Identified by Spanish information security services company S21sec's e-crime unit, the trojan - nicknamed Tatanga - appears to be a difficult to detect browser-based attack that is capable of several functions, including automatic transactions and masking real account balances.

In a blog post detailing the new trojan, S21sec writes:

The trojan in question is rather sophisticated. It is written in C++ and uses rootkit techniques to conceal its presence, though on occasion, its files are visible. The trojan downloads a number of encrypted modules (DLLs), which are decrypted in memory when injected to the browser or other processes to avoid detection by antivirus software.

So far, S21sec writes, the Tatanga trojan has been identified as affecting banks in the United Kingdom, Spain, Germany and Portugal. The trojan itself affects eight browsers: Internet Explorer, Firefox, Chrome, Opera, Maxthon, Netscape, Safari and Konqueror.

ABOUT THE AUTHOR