Beware! Russia's Kaspersky Lab Detects New Trojan Out for Your CryptoWallets

© Sputnik / Sergey Guneev / Go to the mediabankDecember 22, 2015. Head of Kaspersky Lab Yevgeny Kaspersky near the Lab's stand during the exhibition of Russia's first Internet Economy Forum
December 22, 2015. Head of Kaspersky Lab Yevgeny Kaspersky near the Lab's stand during the exhibition of Russia's first Internet Economy Forum - Sputnik International
Cybersecurity is among the issues being raised on the sidelines of the World Economic Forum, now in full swing in Davos. Russia's Kaspersky Lab appears to appreciate the significance of the agenda as it has warned of a yet new IT threat – this time to computer users' financial data.

Specialists from Kaspersky Lab, the biggest cybersecurity company in Russia, have spotted a new Trojan called Mezzo, which was specially developed to hunt for "real," conventional money as well as cryptocurrencies, the company’s press release states.

Mezzo can falsify data in exchange files between accounting and banking systems and is currently sending information obtained from an infected computer to the criminals’ servers. Analysts say that this may be a signal that the Trojan’s creators are getting ready for an upcoming campaign to steal the money.

Internet of Things - Sputnik International
IoT Security Tough Task for Developers Amid Cyber Pedophile Threat

Not many computers have been infected by Mezzo so far, but all of them have proved to be in Russia. The virus spreads with the help of external loading programs. Once on a device, the Trojan virus creates a unique identification code for an infected computer which is further used to add a password protected folder on the hackers' server to store all the files stolen from the victim’s computer.

READ MORE: Theresa May Addresses 2018 World Economic Forum

Mezzo takes a primary interest in text files of popular accounting software, which were created less than two minutes earlier. When it spots these types of documents, the Trojan waits for a dialogue window to open to exchange data between a bank and an accounting system. If this happens it can replace the account details exactly as the exchange takes place. Voila! Your money is sent to them. If no dialogue window opens, Mezzo can even falsify the whole file.

Logo of the Kaspersky Lab antivirus software developer. - Sputnik International
Kaspersky Lab Discussing Software Security With UK Cyber Security Centre

"Analysis of the Mezzo code has shown that the virus can be linked to another much talked about Trojan, which is hunting for cryptocurrencies, the so-called CryptoShuffler. Kaspersky Lab experts have discovered that the Mezzo code and that of AlinaBot, which loads CryptoShuffler, are identical to the very last line. The codes of both viruses have obviously been written by the same virus programmers, thus they may be also interested in users' crypto-wallets," the company noted.

READ MORE: Necessary to Scrutinize Cryptocurrencies as They Can Be Used by Criminals — UK PM

Sergei Yunakovsky, an antivirus expert with Kaspersky Lab, pointed out that with the help of a similar Trojan virus called TwoBee, which the company detected about a year ago, perpetrators managed to snatch over 200 million rubles from Russian companies.

Mezzo is different from the point of view of employing a simpler algorithm to search for  and check the files it is interested in. It is highly probable that its functionality is not limited to solely accounting programs, as any virus is known to increasingly employ multiple different modules and functions.

Founded in 1997, Kaspersky Lab is a multinational cybersecurity and anti-virus provider based in Moscow, Russia and operated by a holding company in the United Kingdom. It develops and sells cybersecurity software, boasting about 400 million clients around the world, and is the leading anti-virus solution in Europe.

To participate in the discussion
log in or register
Заголовок открываемого материала