FireEye Warns of New Banking Trojan

Kara Reeder

There's a new banking Trojan out there, and it's capable of launching man-in-the-browser attacks, warn security researchers from FireEye.


According to Softpedia, FireEye calls the Trojan Feodo. It is likely operated by a single gang. Like other banking Trojans, this one snags online banking credentials and other sensitive information by intercepting data entered into Web forms. However, this threat is targeting an unusually high number of financial institutions, says FireEye researcher Atif Mushtaq:

I can see that the bot herders are instructing its zombies to target over a dozen banks. This is a huge list, I rarely see even bot herders behind Zbot targeting so many banks.

The article explains how Feodo works:

Feodo hooks into the browser process and monitors accessed URLs. If any of them matches a regular expression from its config file, it starts capturing form data and submits to its command and control server. The trojan can also inject rogue form fields in order to trick users into providing more information than is normally required.

Banks are not the only ones at risk from this Trojan. It also targets services like PayPal, Amazon, Myspace or Gmail.
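
One way a site owner could check for the injected form fields described above is to compare the form controls in the page as served with those in the page as rendered in the user's browser. This is an added example, not code from FireEye or the quoted article; it assumes a snapshot of the rendered form is available, and the function names and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser

FIELD_TAGS = {"input", "select", "textarea"}

class FormFieldCollector(HTMLParser):
    """Collects the name (or id) of every form control, grouped by form."""
    def __init__(self):
        super().__init__()
        self.forms = {}        # form key -> set of field names
        self._current = None   # key of the form currently being parsed

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = a.get("id") or a.get("name") or f"form#{len(self.forms)}"
            self.forms.setdefault(self._current, set())
        elif tag in FIELD_TAGS and self._current is not None:
            name = a.get("name") or a.get("id")
            if name:           # unnamed controls (e.g. submit buttons) carry no data
                self.forms[self._current].add(name)

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def form_fields(html):
    collector = FormFieldCollector()
    collector.feed(html)
    collector.close()
    return collector.forms

def injected_fields(served_html, rendered_html):
    """Return {form: [fields]} for fields present when rendered but never served."""
    served = form_fields(served_html)
    result = {}
    for form, fields in form_fields(rendered_html).items():
        extra = fields - served.get(form, set())
        if extra:
            result[form] = sorted(extra)
    return result

# Constructed sample: the login form as served, and as seen in an affected browser.
SERVED = ('<form id="login"><input name="username">'
          '<input name="password" type="password"><input type="submit"></form>')
RENDERED = ('<form id="login"><input name="username">'
            '<input name="password" type="password"><input name="card_pin">'
            '<input name="security_answer"><input type="submit"></form>')

if __name__ == "__main__":
    print(injected_fields(SERVED, RENDERED))
```

Because the Trojan runs inside the browser process, a report produced by that same browser can itself be altered, so a clean result is weak evidence while an unexpected field is a strong signal.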
