CoreBot Malware: What Is It, How It Works, How and If It Affects You

Latest Trojan CoreBot Targets Online Banking Sites: What It Is, How It Works, How It Can Affect Your Business

A few months ago, you may have heard about the DyreWolf phishing malware scam, which specialized in targeting businesses and organizations (as opposed to attacking individuals). Now CoreBot malware is one of the latest threats to cybersecurity.

The malware got its name from the developer, who called the file “core.” The Trojan is delivered through a dropper file that exits as soon as CoreBot is executed on the target machine. The stealer then adds an entry to the Windows Registry to stay alive on the machine.

The malware can steal passwords, and its modular plugin design allows the developer to easily add more functions. CoreBot currently can’t intercept data in real time, but it is a threat to email clients, wallets, FTP clients, private certificates and some desktop apps.

How It Works

First, the malware gains a foothold in Internet Explorer, Firefox and Chrome so that it can monitor your browsing habits, grab forms you fill out and execute web injections. When it detects a relevant website, the form-grabber kicks in to steal your personal information.

The web injections are then activated to display a phishing page that tricks you into supplying additional information. At this point the cybercriminals behind the scam are alerted and take charge of the session in real time by way of a Man-in-the-Middle (MitM) attack.

You are kept busy with a “please wait” message while the hacker connects to your intended destination through a virtual network computing (VNC) module. Once in, the cybercrook initiates new transactions or hijacks the current transfer process to send the money to another account.

How It Can Affect Your Business

So far the victims of CoreBot have been large financial institutions, so your business is probably not yet at risk. If you think you might be affected, contact a technology support specialist in the Bay Area to get started with your free network assessment, a health-check of your network environment.

With the right strategic San Francisco IT support on your side, not only will you be able to address your existing concerns for your organization’s technological health, but also plan ahead to anticipate, avoid and mitigate any future disasters.

Business tech support firms monitoring botnets see about 60 CoreBot infections every day. Approximately one quarter of the infections occur in the United States, but the malware is also found in the United Kingdom, Russia, Japan, Egypt, Moldova, Taiwan, India and Vietnam.

While data theft can pose a threat to the average end-user, cybercriminals targeting sensitive data and financial information know that the greatest damage can be done when they breach corporate systems.

With that in mind, malware attacks such as CoreBot are only the beginning as cybercriminals seek to gather the data needed to infiltrate organizations and steal valuable information!
