
Silent Night

Posted: May 22, 2020

The Silent Night is a banking Trojan based on the Keylogger Zeus. Its campaigns operate on a for-hire model, with threat actors using methods ranging from e-mail attachments to browser-based exploits to infect their victims. Affected users should have a robust anti-malware product remove the Silent Night immediately, change all vulnerable passwords, and contact their bank for further recommendations on recovery procedures.

An Expensive Nighttime Quietude for More than One Party

The tale of the Keylogger Zeus is an epic in banking Trojan history, one that outlives its name in offspring such as Gameover, Sphinx, Terdot, or the particularly new Silent Night. The last Trojan in this list is making its name by being one of the most costly options on the black market for spyware hiring, justifying the price tag with what malware experts rate as being substantial upgrades to its structure and stealth characteristics. With attacks that vary according to its modules and extreme attention to code-hiding mechanisms, the Silent Night may remain 'the next big thing' on the banking Trojan marketplace for months to come.

Because it is hired out to third parties, the Silent Night's distribution model is nearly as flexible as its payload. Malware researchers confirm cases of browser vulnerability-abusers like the RIG Exploit Kit performing drive-by downloads to deposit the Silent Night, as well as multiple tactics revolving around phishing e-mail attachments. Although the Silent Night's version numbers show limited iteration, the Trojan carries advantages over the old version of Keylogger Zeus, demonstrating the programmer's experience.

The Silent Night compartmentalizes most of its attacks into separate modules, most of which concern themselves with collecting browser information. Through them, it can record in-browser keystrokes, collect form-entered data, take screenshots, collect cookies and establish a proxy server. Both the Silent Night's core and its modular elements also have complex layers of obfuscation that essentially 'morph' the code to prevent threat-detecting tools from identifying it. This obfuscation is unusual for using a pre-compilation method, albeit one with a supposedly static tool.

Clearing the Nightly Predators Off Your Bank Account

Some of the Silent Night's choices in structure and obfuscation suggest that the threat actor maintaining it, 'Axe' (also responsible for the lesser-known Axebot banking Trojan), is working off of Terdot as a template. However, these shared advantages don't weaken the Silent Night's self-obfuscating capabilities. Like all good banking Trojans, it also hides from users through memory injection and other exploits that limit the visibility of its processes and files.

Users can monitor e-mail attachments and links for possible Silent Night attacks, which may attach the Trojan to a message directly or use a delivery vehicle, such as a document-embedded Trojan dropper. Deactivating advanced content like macros, JavaScript, Flash, and Java will also prevent many vulnerabilities related to these campaigns from loading. Malware researchers also recommend staying up-to-date with security patches as an effective defense against most Exploit Kits.

Despite the variables of its business model, the Silent Night is consistent in targeting bank account-related data. Banking customers can protect themselves with fully-patched and reputable anti-malware services that remove the Silent Night before it exfiltrates passwords or other information.

Like Keylogger Zeus and Terdot, the Silent Night seems set to leave a long-lasting mark on both the banking Trojan industry and its victims throughout the world. As threat actors like Axe entrench their software-based defenses, bank customers will find it ever more critical that they not be taken unawares by the latest Trojan evolution.
