New Banking Trojan Targets All Major Browsers.

[Ceyfer √]

Dubbed Tatanga, the trojan is written in C++ and is organized in modules with different functionality which are decrypted in memory as needed.

Like other banking trojans, Tatanga executes Man-in-the-Browser (MitB) attacks in order to perform unauthorized transactions from the accounts of its victims

Tatanga hooks into explorer.exe and can inject HTML in Internet Explorer, Mozilla Firefox, Google Chrome, Opera, Minefield (Firefox dev builds), Maxthoon, Netscape, Safari and Konqueror, basically every popular browser.

Other noteworthy features include support for 64-bit Windows, anti-VM technology, mobile OTP phishing and Trusteer Rapport evasion.

Multi-browser based trojan... All-in one package!

Sources:

• Softpedia | Malware Analysis by S21sec.
• Microsoft : Trojan:Win32/Mariofev.B

[Raymond]

First of all, made in C++ so that it runs on all Windows without dependencies.
Seems like the person who made this Trojan knows what he is doing.

[Ceyfer √]

First of all, made in C++ so that it runs on all Windows without dependencies.

Yeah. In fact, the author just updated the malware just days ago. Seems like it going to support more browsers and able to adapt & adjust quickly against the odds.

[ted]

one of the many reasons i dodge online banking

[Bluedot]

Safety measures of course could be using a good anti-malware and a good anti-logger. Also, one should use virtual keyboards, etc. for online banking to decrease chances of being scammed.

[INDRANIL]

Great news . Thanks for the heads up . Now we can expect something more from the author .

[Alboguy]

Yeah. In fact, the author just updated the malware just days ago. Seems like it going to support more browsers and able to adapt & adjust quickly against the odds.

Is it in beta stage or it's stable release? :P

[Bearcat]

Thanks for the read ceyfer! Something else to keep an eye out for. I just wish these people would put their talents to better use.

[luffy]

All-in one package <---Good deal.

---------- Post added at 08:58 PM ---------- Previous post was at 08:50 PM ----------

According to this screenshot:
http://3.bp.blogspot.com/-vZnxtNAPCoI/TWezKeI0LMI/AAAAAAAAAss/KWP43XMLVo4/s1600/demo.png
It will make the user doing a "demo transfer"? Or it does all by itself without asking?

[Boyfriend]

Thanks ceyfer for read It seems that MitB attacks will arise due to greater scope (C++, browser independent, x64 compatibility, Trusteer Rapport evasion, etc.). Secure OS (e.g., live boot CD) will be better alternative for banking now.