‘Potent’ Banking Malware Hesperbot Erupts From Czech Republic

An advanced piece of malware has emerged in the Czech Republic and it threatens online banking users in the UK, security experts have warned.

The Hesperbot Trojan was spotted by ESET researchers as it was using a domain (www.ceskaposta.net) that purported to belong to the Czech Postal Service (real domain: www.ceskaposta.cz). It appears to have only launched in August.

Banking malware with skills

It is functionally similar to the infamous Zeus malware, as it can inject HTML, take screenshots, do keylogging and take video, but it can also set up a hidden virtual network computing (VNC) server, which could be used for communications with the hackers and avoid detection..

There is a mobile component too, which works on Android, BlackBerry and Symbian devices,

The attackers are trying to lure users into downloading the malware, by emailing them fake parcel tracking information or messages from ISPs. Despite the Czech link, most affected customers so far reside in Turkey, where “several hundred” have been infected.

As for the UK, a special variant of the malware has been created, but ESET said it could not provide any further detail on it.

“Victims in the Czech Republic have lost significant amounts of money as a result of infection by this malware,” ESET added in its blog post. “It’s quite possible that there are similarly unfortunate victims in Turkey and Portugal as well.”

What do you know about Internet security? Find out with our quiz!