Thursday, January 27, 2022

Carberp Banking Trojan New Features – Bootkit and $40K Price Tag

This is a first for the Carberp programmers, who up to now had never distributed their malware to the public, alleged Limor Kessem, communications specialist and team leader for RSA Security’s FraudAction team.

The latest edition of the banking malware comes with strengthened data-stealing capabilities and the addition of the Rovnix bootkit and builder kit for a hefty $40,000 price tag. The Carberp update is already being distributed for the holiday season.

For fees ranging between $2,000 and $10,000, buyers can purchase the kit as a service, sans the builder and bootkit.

The addition of the Rovnix bootkit is an especially interesting twist in that it infects a computer’s volume boot record, giving it ring0 privileges and making it difficult not only to detect but also to clean up, Kessem said.

“This is more sophisticated and costly than other malware; we’ve seen no one charge $40,000 for malware. They don’t feel it’s an exaggerated price,” Kessem said. “We haven’t seen who’s buying it, but they believe there will be demand. You have to have resources and know-how to operate the malware. Malware doesn’t come with an install wizard. You have to have knowledge about systems and Windows internals; it’s not simple to do. Whoever buys this will have to know what they’re doing.”

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing.
