ESET Researcher Traces the Evolution of Webinject Banking Trojans

Next story

Jean-Ian Boutin, researcher from ESET Montreal lab has presented the results of the recent investigation of the webinject-based malware at the 24th Virus Bulletin conference in Seattle. ESET’s Jean-Ian Boutin has been analyzing these types of threats for several years now. His paper titled “The Evolution of Webinject” uncovers many interesting facts about these banking trojans. The highlights of his paper have just been published on ESET WeLiveSecurity.com.
Webinjects are used by a number of banking trojans to alter the content of a webpage a user sees on a compromised computer. The trojan is able to inject code such as JavaScript into the browser to interact with the website content and perform various actions. This technique is quite old, but has evolved considerably in the past few years. The rise of banking trojans has also seen a rapid increase in the complexity of webinjects, enhancing even further their capabilities. This has presented a perfect opportunity for many cybercriminals to specialize on webinjects, which has led to their commoditization.


When it comes to this malware, it makes sense to ask: is there a ubiquitous webinject kit that everyone is using?


“Yes. Two of these kits grabbed my attention as they were used by several different banking trojan families. The first one is ATSEngine and the second one is the Injeria platform. Together they have been seen in seven different malware families and used in numerous different campaigns,” explains Jean-Ian Boutin.


“The Evolution of Webinject” is now available on WeLiveSecurity.com. The paper and presentation on the topic presented at 24th Virus Bulletin Conference are available at VB conference website www.virusbtn.com. The recording of the presentation is now available at the Virus Bulletin YouTube channel as well. 



About ESET

Since 1987, ESET® has been developing record award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 180 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires. For more information visit www.eset.com or follow us on LinkedInFacebook and Twitter.