There's a new banking Trojan out there, and it's capable of launching man-in-the-browser attacks, warn security researchers from FireEye.
According to Softpedia, FireEye calls the Trojan Feodo. It is likely operated by a single gang. Like other banking Trojans, this one snags online banking credentials and other sensitive information by intercepting data entered into Web forms. However, this threat is targeting an unusually high number of financial institutions, says FireEye researcher Atif Mushtaq:
I can see that the bot herders are instructing its zombies to target over a dozen banks. This is a huge list, I rarely see even bot herders behind Zbot targeting so many banks.
The article explains how Feodo works:
Feodo hooks into the browser process and monitors accessed URLs. If any of them matches a regular expression from its config file, it starts capturing form data and submits it to its command and control server. The trojan can also inject rogue form fields in order to trick users into providing more information than is normally required.
Banks are not the only ones at risk from this Trojan. It also targets services like PayPal, Amazon, Myspace or Gmail.
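The rogue form fields described above can be caught by comparing the fields present in a form against the set the site actually serves. The sketch below is an added example, not code from FireEye or the article; the baseline set, the field names and the sample markup are constructed assumptions.

```javascript
// Baseline check for injected form fields (added example).
// Hypothetical baseline: the fields the site really serves on its login form.
const EXPECTED_LOGIN_FIELDS = new Set(["username", "password", "csrf_token"]);

// Return the name attribute of every input, select and textarea in the markup.
function extractFieldNames(formHtml) {
  const names = [];
  const tagRe = /<(input|select|textarea)\b([^>]*)>/gi;
  // Require whitespace before "name" so attributes like data-name are ignored.
  const nameRe = /(?:^|\s)name\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/i;
  let m;
  while ((m = tagRe.exec(formHtml)) !== null) {
    const attr = nameRe.exec(m[2]);
    if (attr) names.push(attr[1] || attr[2] || attr[3] || "");
  }
  return names;
}

// Compare observed fields with the baseline and report any difference.
function auditForm(formHtml, expected) {
  const seen = extractFieldNames(formHtml);
  const unexpected = seen.filter((n) => !expected.has(n));
  const missing = [...expected].filter((n) => !seen.includes(n));
  return {
    unexpected,
    missing,
    tampered: unexpected.length > 0 || missing.length > 0,
  };
}

// Constructed sample: the form as served by the site.
const CLEAN_FORM = `
<form action="/login" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="hidden" name="csrf_token" value="constructed-value">
  <button type="submit">Sign in</button>
</form>`;

// Constructed sample: the same form after extra fields were added in the browser.
const TAMPERED_FORM = CLEAN_FORM.replace(
  "<button",
  '<input type="text" name="card_pin">\n  ' +
    "<input type='text' data-name=\"x\" name='security_answer'>\n  <button"
);

console.log(auditForm(CLEAN_FORM, EXPECTED_LOGIN_FIELDS));
console.log(auditForm(TAMPERED_FORM, EXPECTED_LOGIN_FIELDS));
```

Running the same comparison server-side on submitted parameter names avoids relying on script that executes inside the hooked browser.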