Underground forums have been buzzing recently about a “new banking Trojan” said to be “an alternative to the popular and widely used Zeus Trojan“, according to an article published recently on the Security Week web site. Cybercrime researchers say that this new Trojan, known as Pandemiya, “has the potential to become a pervasive threat“, according to the article.”
Experts say, according to the report, that this Zeus-like threat “allows cyber-criminals to steal form data, login credentials, and files from infected computers” and it’s “modular design” makes it simple “for cyber-criminals to expand and add functionality.” The article indicates that Pandemiya shares typical characteristics and has the same capabilities as other banking Trojans, but this threat is also very unique in many ways.
Uri Fleyder, cybercrime research lab manager at the RSA Research Group, spoke in the article about what “sets Pandemiya apart” from other threats by noting that “it has been written from scratch without sharing any source code with Zeus.” Fleyder was also quoted in the article to confirm how unusual this is by saying, say that “…many banking Trojans such as Citadel/Ice IX and Carberp are based on Zeus’s source code. Pandemiya doesn’t appear to have any code in common with leaked versions of Zeus or other toolkits.” An RSA Fraud Action blog post was quoted in the article to say, “The developer behind Pandemiya—or a team of developers—spent close to a year developing this latest threat.”