OddJob

Description

(IBM) OddJob’s most obvious characteristic is that it is designed to intercept user communications through the browser to steal or inject information and terminate user sessions inside Internet Explorer and Firefox. We have extracted OddJob’s configuration data and concluded that it is capable of performing different actions on targeted websites, depending on its configuration. The code is capable of logging GET and POST requests, grabbing full pages, terminating connections and injecting data into Web pages.

All logged requests and grabbed pages are sent to the C&C server in real time, allowing fraudsters to perform session hijacks — also in real time but hidden from the legitimate user of the online bank account. By tapping the session ID token, which banks use to identify a user’s online banking session, the fraudsters can electronically impersonate the legitimate user and complete a range of banking operations.

Names

Name
OddJob

Type

Banking trojan
Backdoor
Info stealer
Credential stealer

Information

https://securityintelligence.com/oddjob-new-financial-trojan-keeps-online-banking-sessions-open-after-users-logout/

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.oddjob

Other Information

Uuid

e86e1ae5-b560-4be2-bdf5-a5ee26ebcaa9

Last Card Change

2020-05-24

Threat Intelligence Garden

Explorer

OddJob

OddJob

Description

Names

Category

Type

Information

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks