Backswap

Description

(CERT.PL) Backswap is a banker, which we first observed around March 2018. It’s a variant of the old, well-known malware Tinba (which stands for “tiny banker”). As the name suggests, its main characteristic is small size (very often in the 10-50kB range).

Backswap carries out multiple harmful activities. The big ones are: injecting Webinjects and stealing credentials. Supported browsers include Internet Explorer, Mozilla Firefox, and Google Chrome. Some variants also swap the contents of the clipboard when a bank/cryptocurrency account number is found.

Names

Name
Backswap

Category

Malware

Type

  • Banking trojan
  • Credential stealer

Information

Malpedia

AlienVault OTX

Other Information

Uuid

918148af-92e2-42dc-b5bd-eb700a11ec39

Last Card Change

2020-05-24