Research shows that this malware family is an offshoot of ZeusVM malware. However, the Trojan-Banker.Win32.Chthonic family is significantly different from its predecessors.
Trojans of this family are distributed by cybercriminals in spam messages designed to exploit vulnerabilities, or by the Andromeda bot, which downloads the malware to an infected computer.
The initial Trojan-Banker.Win32.Chthonic loader downloads a more advanced loader, which then downloads the main module of the Trojan.
Trojans in this family have a modular architecture, with a main component that supports the following downloadable modules:
Geographical distribution of attacks by the Trojan-Banker.Win32.Chthonic family
Top 10 countries with most attacked users (% of total attacks)
* Percentage among all unique Kaspersky users worldwide attacked by this malware
|Find out the statistics of the threats spreading in your region|