The Citadel Trojan, a well-known, massively distributed trojan that has already managed to compromise millions of PCs worldwide, has received a brand new configuration.
Citadel, based on the source code of the infamous Zeus, was designed to steal private and financial data, such as passwords or credit card numbers.
How does Citadel work?
Once Citadel hooks into the user’s PC (hooking allows it to intercept inter-process communication and alter it), it has to register with a C&C (command and control) server in order to receive a new configuration file. This file contains a set of instructions that tell Citadel what actions it should perform. Citadel can receive new configs as long as it can communicate with the C&C.
A recently discovered configuration file instructs Citadel to grab your keystrokes when you are accessing your password management software. This obviously allows it to grab all of your logins and passwords at once.
IBM, which discovered this new Citadel config, confirmed that this malware is targeting major password managers:
- neXus Personal Security Client
- Password Safe
- KeePass
How many other, as yet undiscovered, viruses might be out there?
We can only speculate.
The good news is that with SpyShelter installed, you do not have to worry about such threats.