Our security researchers detected and analyzed Hesperbot, an advanced piece of malicious software which targets credentials for online bank accounts, in order to retrieve financial information.

Hesperbot first appeared in Turkey in August 2013 and was detected by our security researchers that same year.

The malware analysis indicates that Hesperbot is an advanced software package that online criminals can use to retrieve sensitive information from online bank accounts. At the moment, this dangerous malware has spread throughout Europe and is being used online in Western Europe.

Our analysts conducted in-depth investigations into Hesperbot’s behavior and presented their conclusions at the Association of Antivirus Asia Researchers conference in Sydney, through our IT security expert, Peter Kruse.

The malware analysis on Hesperbot revealed not only its malicious nature and purpose, but also a connection with a real person.


Collaboration with law enforcement agencies

Importantly, the results of our extensive investigation into this piece of malware have been shared with major security agencies and companies in the IT industry.

Because online criminal operations are difficult to detect and their perpetrators difficult to trace, linking Hesperbot to an individual is a big step forward, and it caused the security agencies to launch an investigation.

Nevertheless, we need to emphasize that the legal framework is not fully established, and we should point out the importance of closer collaboration between countries. Our analysts monitor Hesperbot's spread and its activity against a number of online bank accounts throughout the world, and observe the financial theft it causes.

At this moment, we are prepared to deal with this type of malware threat: we not only apply reverse engineering methods, but also research underground malware forums for more details.


Where is all this malware coming from?

Using in-depth analysis and reverse engineering techniques, we have traced Hesperbot’s infrastructure, which is hosted on malicious servers in Ukraine and Russia.

More important for our conclusion is that Hesperbot seems to be connected to CryptoLocker, the infamous ransomware, which encrypts files and demands money from its victims in order to provide the decryption key, and to the Zeus Gameover malware family, one of the most dangerous pieces of software detected so far.


How do I stay safe from Hesperbot?

To keep your online bank credentials safe from this piece of malware, keep your antivirus up to date, install a security solution specially designed for this kind of financial-stealing malware, and use common sense: don’t click on or download suspicious content from unknown or unsafe locations.

For increased protection, you can also refer to our articles on online safety, such as The Ultimate Guide to Secure your Online Browsing and 10 Warning Signs That Your Computer is Malware Infected.


This post was originally published by Aurelian Neagu in November 2014.
