Malware of this family installs specially crafted PAC files on the infected computer. Proxy Auto Configuration (PAC) files are used by web browsers to automatically apply settings for accessing the Internet. Other programs may also use the proxy server settings of the browser when they are used to access web resources.
Using PAC files, these Trojans intercept and spoof traffic between an infected computer and online banking services.
Trojan-Banker.Win32.Capper periodically checks the cybercriminal’s server for the latest version of the PAC files and updates them.
Geographical distribution of attacks by the Trojan-Banker.Win32.Capper family
Top 10 countries with most attacked users (% of total attacks)
* Percentage among all unique Kaspersky users worldwide attacked by this malware