Trojan-Banker.Win32.Metel

Home Threats Trojan-Banker Trojan-Banker.Win32.Metel

Detect Date

06/03/2016

Class

Platform

Description

Malicious software of this family, also known as Corkow, has been distributed by cybercriminals since 2011. The software has a modular architecture. The following modules are used most frequently:
• MON, monitors operating system processes.
• KLG, logs keystrokes entered by the user.
• HVNC, enables cybercriminals to remotely connect to the infected computer via the VNC protocol.
• FG, intercepts data in online forms in web browsers.
• IB2, intercepts client banking information for iBank 2.
• SBRF, intercepts client banking information for Sberbank.

Geographical distribution of attacks by the Trojan-Banker.Win32.Metel family

Geographical distribution of attacks during the period from 16 May 2015 to 16 May 2016

Top 10 countries with most attacked users (% of total attacks)

	Country	% of users attacked worldwide*
1	Russian Federation	81.63
2	Ukraine	6.05
3	Germany	1.21
4	Brazil	0.87
5	India	0.76
6	USA	0.65
7	Algeria	0.63
8	Vietnam	0.60
9	France	0.48
10	Mexico	0.47

* Percentage among all unique Kaspersky users worldwide attacked by this malware