How Terdot Trojan Has Turned Itself Into A Monster

How Terdot Trojan Has Turned Itself Into A Monster

Terdot trojan, the banking malware was firstly noticed in October 2016. Since then, the malware has grown into a monster that is no longer just a banking trojan. It can also steal your browsing information, modify social media posts, snoop your emails, inject infected HTML codes in websites and operate MITM(Man In The Middle) proxy.

Terdot can eavesdrop and modify traffic on major email and social media platforms like Facebook, Twitter, Yahoo, Gmail.

Note:- Interestingly, terdot has been instructed not to extract any information vk.com, Russia’s most popular social media platform.

The malware automatically updates itself timely and thus can eventually pick up new capabilities.

The malware has affected several Canadian baking institutions like Desjardins, PC Financial, Banque Nationale, Royal Bank and many more.

Also Read: What is a cyber-attack and how it affected us this year?

How Does It Work?

Terdot takes the help of email phishing. It sends emails that contain a PDF attachment. As soon as the recipient opens the PDF file, the malicious JavaScript code in the file downloads and runs the trojan on the hard drive. To make it super stealthy, Terdot is downloaded through a sophisticated chain of downloaders, injections and droppers. It makes Terdot immune to security systems. Sundown Exploit Kit has been used to deliver malware in malware campaigns.

Once installed, Terdot inserts itself inside browser processes and creates a classic MITM proxy. Thus, it can read traffic, deliver codes, steal information and insert malicious JavaScript and HTML codes in responses.

Terdot can intercept any browser traffic by producing false SSL certificates. It also saves both  financial and personal information, injects malicious code into webpages and then transmits saved information to command and control servers. Terdot which is a Zeus based trojan can even harm social media accounts by stealing login credentials and posting fake links through accounts to spread itself to other accounts.

Also Read: The Evil Trinity: Vulnerabilities, Exploits, and Threats

How To Prevent A Terdot Infection?

There are certain ways which can keep your systems safe from a Terdot infection.

  • Enable pop-up blocker: Your pop-up blocker can block ads and pop-ups which are usually chosen by cyber attackers as mediums for infections. Also avoid clicking pop-ups, software offers and suspicious links.
  • Install an Ad-blocker: Strengthen your browser with a powerful ad-blocker program.
  • Protect Your System With An Antivirus Program: It’s good to be precautious. Hence, install a good antivirus or antimalware software on your system.
  • Update Your Windows: Ensure that your windows stays updated always. It will help your system stay more protected from infections.
  • Avoid Suspicious Downloads: Suspicious downloads always come with bundle of freeware which can be infectious.
  • Backup Your Data: It’s good to backup your data on cloud or other devices to avoid irreparable conditions in case of infection.

Also Read: An Insight into Grayware

Terdot is a resilient malware that can spy and work on your accounts remotely. If not stopped, it will itself develop into a powerful cyber spying tool that will be difficult to control.

Quick Reaction:

Leave a Reply

Your email address will not be published. Required fields are marked *