This malware family consists of Trojans that target online banking services. Cybercriminals use the malware to steal money or account credentials from users of e-banking services.
The information needed to connect to the cybercriminals’ server is stored in encrypted form inside the malware’s executable file. Trojan-Banker.Win32.Neverquest2 is distributed under the MaaS (Malware-as-a-Service) model. This means that cybercriminals rent the malware from its creators and receive a fully ready software kit for criminal purposes.
The malware collects information about the infected computer and sends it to the cybercriminals’ server. Collected information includes:
Malware of this family performs the following actions:
In addition, the malware can replace the content of web pages displayed in the user’s browser by using spoofed content and configuration files, which are downloaded by the malware from a server controlled by cybercriminals.
Geographical distribution of attacks by the Trojan-Banker.Win32.Neverquest2 family
Top 10 countries with most attacked users (% of total attacks)
* Percentage among all unique Kaspersky users worldwide attacked by this malware