Beta Bot banking malware surfaces

By on
Beta Bot banking malware surfaces

Includes rootkit that blocks security sites.

Fraudsters are shopping around malware that's been repurposed to carry out financial fraud and provide root access to infected machines.

Crooks began selling Beta Bot in January on underground online forums and reached the radar of RSA researchers after some 20 victims were infected.

RSA fraud researcher Limor Kessem said Beta Bot's creator was likely a skilled programmer who could be new to malware development, particularly in coding financial trojans.

Beta Bot was redeveloped from existing malware over 18 months prior to its launch so that it could be used for financial fraud, Kassem said.

Once an HTTP bot capable of carrying out automated tasks from a command-and-control server, Beta Bot now was packaged with a rootkit which blacklisted compromised machines from visiting security websites and offers a “kill switch” to disable competing malware on the machine.

Beta Bot stole data including bank login credentials by capturing victim's HTTP requests – but the developer likely aimed to add newer banking trojan features, like man-in-the-browser capabilities that offer attackers a more automated way to pilfer information.

The trojan was being sold from anywhere between $320 to $500 on the black market.

This article originally appeared at

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
In Partnership With

Most Read Articles

Log In

Username / Email:
  |  Forgot your password?