Researchers Discover ‘KINS’ a New Professional-grade Banking Trojan

Researchers have uncovered a new professional-grade banking Trojan that could soon rival Zeus, SpyEye and Citadel in how effectively it spreads.

Dubbed KINS, the new banking Trojan has several features in common with Zeus and SpyEye, as well as having a similar DLL-plugin-based architecture, Limor Kessem, a cybercrime and online fraud communications specialist at RSA, wrote Tuesday on the RSA FraudAction Research Labs blog. It is spread using popular exploit packs such as Neutrino, one of the most sophisticated toolkits currently available.

KINS has a bootkit capability and can infect the computer from a much deeper level, at its volume boot record (VBR), and can “easily infect” machines running Windows 8 and other 64-bit operating systems.

A vendor in a closed Russian-speaking online forum announced the open sale of the Trojan this month, Kessem said. A standard version of the Trojan is available for $5,000 in Web Money, and additional plug-ins, such as the Anti-Rapport module, are available for $2,000.

There was a “growing appetite” in the criminal underground for a “new ‘real’ banking malware in the online fraud arena,” Kessem said. Underground chatter indicated the criminals would “eagerly welcome a new developer and jointly finance a banker project,” provided it was commercially available, easy to use, and backed by quality technical support, according to the post. With Citadel going off the semi-open market in December and Zeus and SpyEye not being as active in recent years, cyber-criminals “have been scrambling to find a replacement,” she said.

“It is not surprising that KINS’ developer is being ushered into the Russian-speaking cybercrime community with much enthusiasm, commended for his decision to make KINS commercial and share it the old-fashioned way,” Kessem said.

The developer also seems to have learned some lessons from the previous Trojans. KINS avoids Trojan trackers, a problem that plagued SpyEye. Much like SpyEye, KINS is compatible with Zeus Web injections and will work over the remote desktop protocol.

Zeus soared to popularity because it was a full kit, and wanna-be criminals didn’t need a lot of technical savvy to be able to create their own Trojan variants and put together attack campaigns. KINS also does not require technical savvy, which would likely encourage its popularity.

RSA fraud intelligence researchers have been seeing hints about KINS since early February, according to the post. There were rumors during development that KINS was associated with Citadel, although those rumors were squashed pretty quickly. However, like Citadel, KINS will not infect Russian- or Ukrainian-language systems, Kessem said. If the malware detects either language setting on the targeted machine, it terminates.

“With all other major malware developers choosing to lay low to avoid imminent arrest by law enforcement authorities, KINS’ author is very sure to see an immediate demand for his Trojan, so long as he can avoid capture himself and as soon as high-ranking peers sign off on its crime-grade quality,” Kessem said.
