Detect Date 06/03/2016
Class Trojan-Banker
Platform Win32

Malicious software of this family, also known as Corkow, has been distributed by cybercriminals since 2011. The software has a modular architecture. The following modules are used most frequently:
• MON, monitors operating system processes.
• KLG, logs keystrokes entered by the user.
• HVNC, enables cybercriminals to remotely connect to the infected computer via the VNC protocol.
• FG, intercepts data in online forms in web browsers.
• IB2, intercepts client banking information for iBank 2.
• SBRF, intercepts client banking information for Sberbank.

Geographical distribution of attacks by the Trojan-Banker.Win32.Metel family

Geographical distribution of attacks during the period from 16 May 2015 to 16 May 2016

Top 10 countries with most attacked users (% of total attacks)

Country % of users attacked worldwide*
1 Russian Federation 81.63
2 Ukraine 6.05
3 Germany 1.21
4 Brazil 0.87
5 India 0.76
6 USA 0.65
7 Algeria 0.63
8 Vietnam 0.60
9 France 0.48
10 Mexico 0.47

* Percentage among all unique Kaspersky users worldwide attacked by this malware

Find out the statistics of the threats spreading in your region