Win32/Gataka

Win32/Gataka Description



Win32/Gataka is a banking Trojan that was originally identified in 2011 but remains an active and significant threat as of June 2012. Although Win32/Gataka’s default functions are relatively limited, like other plugin-supporting PC threats such as SpyEye, Win32/Gataka includes heavy support for additional features that are used to monitor your computer and steal personal information, including passwords and other security data for bank accounts. Since Win32/Gataka uses sophisticated attacks (like code injection into unrelated processes) routinely, SpywareRemove.com malware analysts strongly suggest recruiting powerful anti-malware software for any attempt to find or delete Win32/Gataka from your computer.

Win32/Gataka – an Invisible and Readily-Expandable Thief


Win32/Gataka has been noted for its use in attack campaigns against US newspaper websites, Dutch banks and German banks, although the majority of Win32/Gataka’s victims are based in Germany. Because Win32/Gataka’s distribution methods include redirects from hacked websites, SpywareRemove.com malware researchers recommend that you protect your browser from exploits and live attacks even while you’re browsing a site that you know to be reputable. Win32/Gataka installation may proceed without symptoms, and even Win32/Gataka’s original executable is deleted to avoid detection.

Win32/Gataka avoids giving itself away by using code-injection attacks to insert its code into available memory processes, starting with explorer.exe. Internet Explorer is also used to contact a remote server wherein Win32/Gataka may receive further instructions, such as which plugins to download and use.
Download SpyHunter Spyware Scanner
Since its basic architecture requires Windows programs to inject itself into, Win32/Gataka is of little danger to non-Windows operating systems. Updates to Win32/Gataka can also include changes that allow Win32/Gataka to avoid anti-malware programs, and SpywareRemove.com malware researchers particularly recommend that you keep all security software as completely updated as possible to maximize your chances of detecting Win32/Gataka.

An Inspection of Each of Win32/Gataka’s Tentacles


Win32/Gataka has been used for attacks as disparate as cracking account passwords with randomly-generated guesses and web page injections that trick victims into giving over their Transaction Authorization Numbers in fake ‘test transfers.’ Despite the wide range of techniques in use, Win32/Gataka’s overall goal remains that of stealing personal information and/or money via the infected PC. SpywareRemove.com malware researchers highlight the following modules in particular as being good examples of Win32/Gataka at work:
  • WebInject is used to insert Java-based code into unrelated web content. This code can be used to create fraudulent or malicious content on a normally-safe site, as SpywareRemove.com malware experts found in the aforementioned TAN-theft attacks.
  • The Interceptor plugin allows Win32/Gataka to examine all incoming and outgoing network communication. Websites that use encryption to protect sensitive information (such as bank sites) can have their encryption replaced with fake certificates that are included with Interceptor. This allows Win32/Gataka to both monitor information for theft and create a false appearance of security while you browse the web.
  • NextGenFixer is a plugin that enhances the functionality of other modules by assisting Win32/Gataka with monitoring specific websites that are of interest to Win32/Gataka’s criminal controllers.

Of course, the main module for Win32/Gataka coordinates all of these activities, including connecting to the relevant C&C server and installing other PC threats and add-ons as required. SpywareRemove.com malware analysts emphasize that the main danger in any Win32/Gataka attack is theft of bank account data, but other forms of information can also be stolen by Win32/Gatakam which should be removed with dedicated anti-malware software whenever necessary.

Aliases


Application/BoontyGames [Panda]APPL [Ikarus]Backdoor/Win32.Agent.gen [Antiy-AVL]APPL!IK [Emsisoft]APPL/BoontyGames [AntiVir]Win32.APPLBoontyGame [eSafe]W32/MalwareS.BHQT [F-Prot]Trojan.MalwareS!1GGks7N7EOM [VirusBuster]Artemis!91E6D6D3D98B [McAfee]Trj/CI.A [Panda]

More aliases (51)


Win32/Gataka Automatic Detection Tool (Recommended)


Is your PC infected with Win32/Gataka? To safely & quickly detect Win32/Gataka, we highly recommend you run the malware scanner listed below.



Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
Posted: June 29, 2012 | By
Share:
Follow Me on Pinterest More More
Threat Level: 9/10
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...
Rate this article:
Detection Count: 14

Leave a Reply

What is 11 + 13 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)