On Wednesday, Symantec revealed that the Neverquest banking trojan, also called “Snifula,” had evolved, allowing fraudsters to loot even more funds from victims.
In a blog post, the firm said that Neverquest's capabilities include keystroke logging, screenshot and video capture, remote control access, and theft of stored credentials and digital certificates. In addition, the trojan leverages man-in-the-browser (MitB) attacks to target Windows users.
Since last December, more than half of Neverquest infections have been in the U.S. and Japan, Symantec revealed.
The new malware variant uses configuration files, specially crafted for specific targets, which facilitate data theft via web page code injections. In addition, saboteurs monitor the web pages victims visit by matching strings in the configuration files against parts of URLs or web page content, the blog post said.