Wednesday, May 22, 2013
A new variant of the Citadel Trojan targets Payza users
Recall that Citadel is a Trojan designed mainly to steal online banking details, but it is also associated with the Reveton ransomware, which locks the computer and displays a warning demanding payment to unlock it. Like most other Trojans, Citadel injects itself into the web browser's processes and can modify the pages opened on the computer. Experts call this technique MitB, or Man in the Browser. It is quite difficult for a user to detect without an anti-virus solution, because the browser's address bar shows the legitimate address of the visited site.
The new version of Citadel, discovered by Trusteer, contains MitB code that replaces the credential input fields on the login page of the Payza payment system. In addition, the malware adds a PIN field to the authentication form. "The Payza Transaction PIN is used each time a user transfers funds from one account to another, deposits funds or makes payments. Having obtained the PIN, user name and Payza password, cybercriminals can fully take over the account and make any transfers," says Etay Maor, an IT security specialist at Trusteer.
Payza is a payment system similar to PayPal, but focused on developing countries. Payza is owned by the London-based company MH Pillars.
According to Trusteer, the new Citadel triggers its injection on https://secure.payza.com/login and https://www.alertpay.com.