Karius

Description

(Check Point) The Check Point Research team recently came across one such banking Trojan under development and already being distributed through the RIG Exploit Kit. Dubbed ‘Karius’, the Trojan aims to carry out web injects to add additional fields into a bank’s legitimate login page and send the inputted information to the attacker.

While Karius is not yet in full infection mode, initial tests have already been made and our research below shows the evolution of how such malware takes place. Our analysis also shows how banking trojans such as Karius are put together and makes use of code from other well-known bankers such as Ramnit, Vawtrak and TrickBot.

Names

Name
Karius

Type

Banking trojan
Info stealer
Credential stealer

Information

https://research.checkpoint.com/2018/banking-trojans-development/
https://dissectmalware.wordpress.com/2018/03/28/multi-stage-powershell-script/

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.karius

Other Information

Uuid

a68618b6-5b31-43fd-a615-e48d35fae028

Last Card Change

2020-05-23

Threat Intelligence Garden

Explorer

Karius

Karius

Description

Names

Category

Type

Information

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks