28,000 enterprise machines compromised by Sazoora trojan

Swipes data.

A new variant of the Sazoora data-hijacking trojan has compromised 23,000 machines across enterprises in Europe and the US, researchers say.

Seculert CTO Aviv Raff said the malware struck the machines from late last month affecting companies in Austria, Switzerland, Belgium and the US.

An older version hit users in Slovakia via a tax return spam hoax that at the time was described by anti-virus firm ESET as an “ordinary credentials-stealing trojan” which used HTML injects to collect data from users' Internet Explorer, Firefox and Chrome browsers.

Raff said the malware was now more capable, notably at evading detection and at spreading.

He said the Sazoora.B variant lay dormant on victim machines for 15 minutes before authenticating with its command-and-control server and exfiltrating data.
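The delayed first beacon described above is the kind of behaviour a short sandbox run never sees, but endpoint telemetry can still surface it after the fact. The following Python is an added defender-side example, not code from Seculert or from the article: it replays constructed process-start and network-connect records (the file paths, PIDs and hostnames are invented) and flags any process whose first outbound connection happens 15 minutes or more after it started.

```python
"""Flag processes whose first outbound connection is delayed by a long sleep.

Constructed endpoint telemetry (not real logs): each record is
(ISO timestamp, event kind, pid, detail). A process_start record carries the
image path; a net_connect record carries the destination host:port.
"""
from datetime import datetime, timedelta

# The dormancy period reported for Sazoora.B; tune per environment.
DELAY_THRESHOLD = timedelta(minutes=15)

# Constructed sample telemetry. PID 4120 sleeps ~16 minutes before its first
# connection; PID 4188 (a browser) connects almost immediately.
SAMPLE_EVENTS = [
    ("2013-10-24T09:00:00", "process_start", 4120, r"C:\Users\user\AppData\Roaming\update.exe"),
    ("2013-10-24T09:00:03", "process_start", 4188, r"C:\Program Files\Browser\browser.exe"),
    ("2013-10-24T09:00:05", "net_connect", 4188, "news.example.net:443"),
    ("2013-10-24T09:16:12", "net_connect", 4120, "c2.example.invalid:443"),
    ("2013-10-24T09:20:00", "net_connect", 4120, "c2.example.invalid:443"),
]


def parse_event(raw):
    """Convert a raw tuple into (datetime, kind, pid, detail)."""
    ts, kind, pid, detail = raw
    return datetime.fromisoformat(ts), kind, pid, detail


def find_delayed_beacons(events, threshold=DELAY_THRESHOLD):
    """Return one finding per process whose FIRST connection is >= threshold
    after its process_start. Processes with no start record are skipped,
    because the delay cannot be computed for them."""
    starts = {}      # pid -> (start time, image path)
    first_conn = {}  # pid -> (time of first connection, destination)
    for ts, kind, pid, detail in map(parse_event, events):
        if kind == "process_start":
            starts[pid] = (ts, detail)
        elif kind == "net_connect" and pid not in first_conn:
            first_conn[pid] = (ts, detail)

    findings = []
    for pid, (conn_ts, dest) in first_conn.items():
        if pid not in starts:
            continue
        start_ts, image = starts[pid]
        delay = conn_ts - start_ts
        if delay >= threshold:
            findings.append({
                "pid": pid,
                "image": image,
                "first_dest": dest,
                "delay_seconds": int(delay.total_seconds()),
            })
    return findings


if __name__ == "__main__":
    for hit in find_delayed_beacons(SAMPLE_EVENTS):
        print(f"pid {hit['pid']} ({hit['image']}) first connected to "
              f"{hit['first_dest']} after {hit['delay_seconds']} s")
```

Treat the output as a triage signal rather than a verdict: legitimate updaters and scheduled tasks also connect late, so the finding is usually combined with the image path (a user-writable directory here), the destination's reputation and the repeat-connection cadence before escalating. The same data also explains why a sandbox with a five-minute analysis window would report no network activity at all for a sample like this.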

“They've made some changes which made it less detectable by traditional security solutions [as well as] harder to hijack the botnet,” Raff said. “Before the command-and-control server starts [receiving] data, it's verified by some sort of digital signature.”

The new malware variant also uses form-grabbing capabilities, so that the content of any online form – whether email or otherwise – can be purloined by hackers, Raff added.

“We see it targeting mostly enterprises, so it tends to attack [with the goal] of extracting data from those specific enterprises,” he said.

Seculert has yet to identify the campaign's attack vector, but since Sazoora.A used phishing emails to target users, the new variant is likely using the same tactics, Raff said.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition