The new .NET banking malware

This new malware just wants the security solution vendors to leave it alone. It does not use any network communication, so no network signatures can be created for this sample. No IP addresses or domain names to monitor or take down. It does not acquire any persistence, no registry entries are created. This has a very interesting impact. None of the antivirus products, that were available on VirusTotal when the samples were obtained, detected this malware. Not even a false positive from any of the over 45 different antivirus solutions.

Read more here – http://www.cert.pl/news/7955/langswitch_lang/en

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top