Vawtrak, the latest version of the 64-bit compatible Gozi Prinimalka trojan that has been around since the mid-2000s, has always focused on the financial vertical and, until recently, was especially active in Japan. New developments, though, are setting the malware up to be a much greater threat, as it appears to be widening its target surface.
“It is clear that Vawtrak is an imminent threat expanding in complexity,” said Don Jackson, director of threat intelligence at PhishLabs. “Targets are growing outside the financial industry and geographic distribution continues to rise.”
Newer configurations of the Vawtrak botnet have been found to incorporate advanced web injects as part of the core functionality; these injects enable the capture of additional personal information that can be used to exploit the victim’s account.
In all, Jackson said that Vawtrak must not be ignored: “Custodians of the malware are investing time and resources to improve configurations that will increase stealth and added resistance to detection,” he said. “As targets expand beyond the financial industry and into new geographic regions, organizations and consumers must be prepared for the impending threat.”