Vawtrak
Description
(Sophos) Vawtrak is an information stealing malware family that is primarily used to gain unauthorised access to bank accounts through online banking websites. Machines infected by Vawtrak form part of a botnet that collectively harvests login credentials for the online accounts to a wide variety of financial and other industry organisations. These stolen credentials are used, in combination with injected code and by proxying through the victim’s machine, to initiate fraudulent transfers to bank accounts controlled by the Vawtrak botnet administrators.
Names
| Name |
|---|
| Vawtrak |
| Catch |
| grabnew |
| NeverQuest |
Category
Malware
Type
- Banking trojan
- Info stealer
- Credential stealer
- Botnet
Information
- https://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/sophos-vawtrak-international-crimeware-as-a-service-tpna.pdf
- https://www.kaspersky.com/blog/neverquest-trojan-built-to-steal-from-hundreds-of-banks/3247/
- https://www.blueliv.com/downloads/network-insights-into-vawtrak-v2.pdf
- https://info.phishlabs.com/blog/the-unrelenting-evolution-of-vawtrak
- https://threatpost.com/pos-attacks-net-crooks-20-million-stolen-bank-cards/117595/
- https://www.fidelissecurity.com/threatgeek/2016/05/vawtrak-trojan-bank-it-evolving
- http://thehackernews.com/2017/01/neverquest-fbi-hacker.html
- https://blog.fox-it.com/2018/08/09/bokbot-the-rebirth-of-a-banker/
- https://www.proofpoint.com/us/threat-insight/post/In-The-Shadows
- https://www.crowdstrike.com/blog/sin-ful-spiders-wizard-spider-and-lunar-spider-sharing-the-same-web/
- https://lokalhost.pl/gozi_tree.txt
Malpedia
Alienvault Otx
Other Information
Uuid
a40177a1-056d-489e-b91b-8d7fbc03e068
Last Card Change
2022-12-29