Citadel Trojan was based of the older Zeus source code, , the October release of v18.104.22.168 “Rain Edition” of the malware costs nearly $3,400 off the shelf, according to EMC’s RSA security division.
The Rain Edition of Citadel has been armed with a new feature known as “Dynamic Config” that enables botmsters to have speedier interactions with infected victims through browser injection methods.
“This nifty function allows Trojan operators to create web injections and use them on the fly, pushing them to selected bots without the hassle of pushing/downloading an entire new configuration file,” explained Limor Kessem, a cyber intelligence expert at RSA.
“The new mechanism is designed right into Citadel’s Fraud-as-a-Service model,” she blogged. “Botmasters will be able to grant limited access to hired help. Up to five blackhat programmers (per admin) will be afforded a username and password combination to their own section on the administration panel. The injection sellers could create and save their work, get paid by the piece, and work with multiple botmasters – FaaS [fraud-as-a-service] at its best!”