Detect Date 06/03/2016
Class Trojan-Banker
Platform Win32

Malware of this family installs specially crafted PAC files on the infected computer. Proxy Auto Configuration (PAC) files are used by web browsers to automatically apply settings for accessing the Internet. Other programs may also use the proxy server settings of the browser when they are used to access web resources.

Using PAC files, these Trojans intercept and spoof traffic between an infected computer and online banking services.

Trojan-Banker.Win32.Capper periodically checks the cybercriminal’s server for the latest version of the PAC files and updates them.

Geographical distribution of attacks by the Trojan-Banker.Win32.Capper family

Geographical distribution of attacks during the period from 03 June 2015 to 03 June 2016

Top 10 countries with most attacked users (% of total attacks)

Country % of users attacked worldwide*
1 Russian Federation 76.98
2 Japan 15.46
3 Kazakhstan 0.73
4 Ukraine 0.72
5 Germany 0.54
6 Israel 0.47
7 China 0.46
8 Belarus 0.41
9 India 0.41
10 Austria 0.34

* Percentage among all unique Kaspersky users worldwide attacked by this malware

Find out the statistics of the threats spreading in your region