Beware! Russia’s Kaspersky Lab Detects New Trojan Out for Your CryptoWallets

Thursday, January 25, 2018
By Paul Martin

Cybersecurity is among the issues being raised on the sidelines of the World Economic Forum, now in full swing in Davos. Russia’s Kaspersky Lab appears to appreciate the significance of the agenda, as it has warned of yet another new IT threat – this time to computer users’ financial data.

Specialists from Kaspersky Lab, the biggest cybersecurity company in Russia, have spotted a new Trojan called Mezzo, which was specially developed to hunt for “real,” conventional money as well as cryptocurrencies, the company’s press release states.

Mezzo can falsify data in exchange files between accounting and banking systems and is currently sending information obtained from an infected computer to the criminals’ servers. Analysts say that this may be a signal that the Trojan’s creators are getting ready for an upcoming campaign to steal the money.

Not many computers have been infected by Mezzo so far, but all of them have proved to be in Russia. The virus spreads with the help of external loading programs. Once on a device, the Trojan creates a unique identification code for the infected computer, which is then used to add a password-protected folder on the hackers’ server to store all the files stolen from the victim’s computer.

Mezzo is primarily interested in text files from popular accounting software that were created less than two minutes earlier. When it spots such a file, the Trojan waits for a dialogue window to open for exchanging data between a bank and an accounting system. If this happens, it can replace the account details just as the exchange takes place. Voila! Your money is sent to the criminals. If no dialogue window opens, Mezzo can even falsify the whole file.
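One way a defender could detect the exchange-file tampering described above, shown as an added example that does not come from Kaspersky Lab or this article: seal the export with an HMAC when the accounting system writes it, and verify the seal just before the bank client imports it. The file layout, field names, account numbers and key handling are constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample of a plain-text payment export (hypothetical layout,
# not the format of any real accounting product).
SAMPLE_EXPORT = (
    "DocType=PaymentOrder\n"
    "Amount=15000.00\n"
    "PayeeAccount=40702810000000000001\n"
    "PayeeName=Supplier LLC\n"
)


def parse_fields(text):
    """Parse key=value lines into a dict, ignoring lines without '='."""
    fields = {}
    for line in text.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            fields[key.strip()] = value.strip()
    return fields


def seal(text, key):
    """Hex HMAC-SHA256 tag, computed at the moment the export is written."""
    return hmac.new(key, text.encode("utf-8"), hashlib.sha256).hexdigest()


def verify(text, tag, key):
    """Constant-time check run just before the bank client imports the file."""
    return hmac.compare_digest(seal(text, key), tag)


def changed_fields(original, received):
    """Names of fields whose values differ between the two copies."""
    a, b = parse_fields(original), parse_fields(received)
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))


if __name__ == "__main__":
    # Assumption: the key is kept where malware on the workstation cannot read it.
    key = b"constructed-demo-key"
    tag = seal(SAMPLE_EXPORT, key)
    # Simulate the file being altered between export and import.
    tampered = SAMPLE_EXPORT.replace("40702810000000000001", "40702810999999999999")
    print("untouched file verifies:", verify(SAMPLE_EXPORT, tag, key))
    print("altered file verifies:  ", verify(tampered, tag, key))
    print("altered fields:         ", changed_fields(SAMPLE_EXPORT, tampered))
```

The seal only helps if it is computed and checked outside the reach of the infected machine, for example on the accounting server and at the bank's side.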

“Analysis of the Mezzo code has shown that the virus can be linked to another much talked about Trojan, which is hunting for cryptocurrencies, the so-called CryptoShuffler. Kaspersky Lab experts have discovered that the Mezzo code and that of AlinaBot, which loads CryptoShuffler, are identical to the very last line. The codes of both viruses have obviously been written by the same virus programmers, thus they may be also interested in users’ crypto-wallets,” the company noted.
