Sunday, February 28 2021
Malicious Terdot Attacks Social Media, Email and Financial Services to Get Your Details

The Trojan predominantly attacks users of Canadian financial websites, and it is likely that the perpetrators behind Terdot have links to Russia.

Many have said that calling Terdot malware a banking Trojan is the same as calling your computer a calculator. While it, in fact, is a banking Trojan, Terdot is also a whole lot more.

The results of a new in-depth analysis of Terdot show that it is not only able to steal credit card information and login credentials for online banking and financial institutions, but can also intercept and modify traffic on social media sites. In addition, the malware can do the same on email platforms.

The findings were released by Bitdefender, which also stated that because the malware can update itself automatically, it can gain new capabilities at any time. In the report, Bitdefender stated that Terdot went above and beyond the known capabilities of a banking Trojan.

The organization has said that because the malware focuses on harvesting information for other services including social media networks and e-mails, it could quite possibly turn into a super-powerful cyber-espionage tool. They also said that it would be extremely difficult to spot and clean on user systems.

As an offshoot of the Zeus banking Trojan, the new malware primarily targets users of Canadian financial websites. These include PCFinancial, Royal Bank, Desjardins, the Toronto Dominion Bank, BMO, Banque Nationale, CIBC, Scotiabank, and Tangerine Bank, Bitdefender has reported.

Microsoft’s login page, Gmail, Yahoo Mail, Twitter, Facebook, YouTube and Google Plus are among the non-financial services that have been targeted. The organization believes that those behind Terdot are likely linked to Russia; this follows the discovery that the malware does not attempt to victimise users of Russia’s largest social media platform,

Typically, the malware is delivered through the Sundown exploit kit. Alternatively, it is delivered through malspam. To avoid detection, the infection chain relies on a series of droppers, injections, and downloaders. Once activated, the malware steals credentials by injecting HTML code into previously visited web pages.

Terdot then performs simple man-in-the-middle attacks. In doing so, it directs user requests as well as website responses through its own local proxy server, possibly altering the communications along the way. Bitdefender explained that the Trojan can even bypass Transport Layer Security (TLS).

It does this by forging its own certificates for each visited domain. On a computer that uses Internet Explorer, the malware installs hooks on the Win32 API certificate-checking functions in order to trick the browser into trusting these forged certificates.

On a computer that uses Mozilla Firefox, Terdot adds its root certificate to the browser’s trusted CA list. It does this by using genuine tools supplied by Mozilla.
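
Because Terdot adds its own root to Firefox's trusted CA list, a defender can audit a profile's certificate database for CAs that are trusted to issue server certificates but were never approved. The Python below is an added example, not code from Bitdefender's report or from this article; it assumes the listing format printed by the NSS tool `certutil -L -d sql:<profile>`, and the sample listing, nicknames and allowlist are constructed.

```python
import re

# Constructed sample of `certutil -L -d sql:<profile>` output (not from a real host).
SAMPLE_LISTING = """\

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

DigiCert TLS RSA SHA256 2020 CA1                             ,,
Corp Internal Root CA                                        CT,C,C
Local Network Service                                        C,,
"""

# Hypothetical allowlist of roots the organisation deliberately deployed.
APPROVED_ROOTS = {"Corp Internal Root CA"}

# A certificate row is "<nickname><2+ spaces><ssl>,<smime>,<codesign>".
# The two header lines do not match: one has no commas, the other starts with spaces.
ROW = re.compile(
    r"^(?P<nick>\S.*?)\s{2,}(?P<ssl>[A-Za-z]*),(?P<smime>[A-Za-z]*),(?P<code>[A-Za-z]*)\s*$"
)


def parse_listing(text):
    """Return [(nickname, ssl_trust_flags)] for each certificate row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((m.group("nick"), m.group("ssl")))
    return rows


def unexpected_trusted_cas(text, approved):
    """Nicknames with 'C' (trusted CA for server certs) in the SSL field, not approved."""
    return [nick for nick, ssl in parse_listing(text)
            if "C" in ssl and nick not in approved]


if __name__ == "__main__":
    for nick in unexpected_trusted_cas(SAMPLE_LISTING, APPROVED_ROOTS):
        print("review locally trusted CA:", nick)
```

An entry flagged here is a lead for review rather than proof of infection, since security products and enterprise proxies also install local roots.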

About Ali Raza

Ali Raza is a freelance journalist with extensive experience in marketing and management. He holds a master's degree and actively writes about cybersecurity, cryptocurrencies, and technology in general. Raza is the co-founder of, too, a site dedicated to educating people on online privacy and spying.
