Win32/Gataka is a banking Trojan that was originally identified in 2011 but remains an active and significant threat as of June 2012. Although Win32/Gataka’s default functions are relatively limited, like other plugin-supporting PC threats such as SpyEye, Win32/Gataka includes heavy support for additional features that are used to monitor your computer and steal personal information, including passwords and other security data for bank accounts. Since Win32/Gataka routinely uses sophisticated attacks (like code injection into unrelated processes), SpywareRemove.com malware analysts strongly suggest using powerful anti-malware software for any attempt to find or delete Win32/Gataka from your computer.
Win32/Gataka – an Invisible and Readily-Expandable Thief
Win32/Gataka has been noted for its use in attack campaigns against US newspaper websites, Dutch banks and German banks, although the majority of Win32/Gataka’s victims are based in Germany. Because Win32/Gataka’s distribution methods include redirects from hacked websites, SpywareRemove.com malware researchers recommend that you protect your browser from exploits and live attacks even while you’re browsing a site that you know to be reputable. Win32/Gataka installation may proceed without symptoms, and even Win32/Gataka’s original executable is deleted to avoid detection.
Win32/Gataka avoids giving itself away by using code-injection attacks to insert its code into running processes, starting with explorer.exe. Internet Explorer is also used to contact a remote server from which Win32/Gataka may receive further instructions, such as which plugins to download and use.
An Inspection of Each of Win32/Gataka’s Tentacles
Win32/Gataka has been used for attacks as disparate as cracking account passwords with randomly-generated guesses and web page injections that trick victims into giving over their Transaction Authorization Numbers in fake ‘test transfers.’ Despite the wide range of techniques in use, Win32/Gataka’s overall goal remains that of stealing personal information and/or money via the infected PC. SpywareRemove.com malware researchers highlight the following modules in particular as being good examples of Win32/Gataka at work:
- WebInject is used to insert Java-based code into unrelated web content. This code can be used to create fraudulent or malicious content on a normally-safe site, as SpywareRemove.com malware experts found in the aforementioned TAN-theft attacks.
- The Interceptor plugin allows Win32/Gataka to examine all incoming and outgoing network communication. Websites that use encryption to protect sensitive information (such as bank sites) can have their encryption replaced with fake certificates that are included with Interceptor. This allows Win32/Gataka to both monitor information for theft and create a false appearance of security while you browse the web.
- NextGenFixer is a plugin that enhances the functionality of other modules by assisting Win32/Gataka with monitoring specific websites that are of interest to Win32/Gataka’s criminal controllers.
Of course, the main module for Win32/Gataka coordinates all of these activities, including connecting to the relevant C&C server and installing other PC threats and add-ons as required. SpywareRemove.com malware analysts emphasize that the main danger in any Win32/Gataka attack is theft of bank account data, but other forms of information can also be stolen by Win32/Gataka, which should be removed with dedicated anti-malware software whenever necessary.
Application/BoontyGames [Panda], APPL [Ikarus], Backdoor/Win32.Agent.gen [Antiy-AVL], APPL!IK [Emsisoft], APPL/BoontyGames [AntiVir], Win32.APPLBoontyGame [eSafe], W32/MalwareS.BHQT [F-Prot], Trojan.MalwareS!1GGks7N7EOM [VirusBuster], Artemis!91E6D6D3D98B [McAfee], Trj/CI.A [Panda]
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
Posted: June 29, 2012 | By SpywareRemove
Threat Level: 9/10
Detection Count: 14