What Has Vawtrak Been Doing in Recent Years?
Previously, Vawtrak targeted financial institutions in Japan, but the malware has now broadened its reach to social networks, analytics firms, online retailers and game portals. Although people involved in the StubHub operation were arrested in Canada and the UK this summer, the malware does not appear likely to retreat anytime soon. In fact, given the recent takedowns of Gameover Zeus and Shylock, we should probably expect an increase in Vawtrak operations.
Experts from PhishLabs detected signs of Vawtrak activity in the Cutwail botnet, currently the highest-volume spam-delivering operation in the world. The latest Vawtrak operation involved introducing a spam template into the Cutwail botnet that uses the DocuSign and AT&T brands to lure victims to an exploit kit.
The New Targets and Capabilities of Vawtrak
At the time of writing, Vawtrak targets the US, Australia, Canada, the UK, Turkey, and Slovakia. The latest version of the malware can use web injects to gather additional personal information with which to exploit users.
Authorities may have difficulty detecting and preventing this criminal activity because of the malware's highly advanced data-hiding tactics. Vawtrak's newly acquired web inject capabilities allow the malware to alter encrypted data in web traffic. In other words, Vawtrak can now steal login credentials and initiate fraudulent bank transactions within online sessions.
Vawtrak is spreading to more companies and industries and should not be taken lightly. There are several protective measures that users can take:
- Avoid checking your personal bank account statements on open networks.
- Conduct as little personal business as possible on open networks.
- Make sure to use the latest version of your antivirus program.