The Silent Night is a banking Trojan based on the Keylogger Zeus. Its campaigns operate on a for-hire model, with threat actors infecting their victims through methods ranging from e-mail attachments to browser-based exploits. Affected users should have a robust anti-malware product remove the Silent Night immediately, change all vulnerable passwords, and contact their bank for further recommendations on recovery procedures.
An Expensive Nighttime Quietude for More than One Party
The tale of the Keylogger Zeus is an epic in banking Trojan history that outlives its name in offspring such as Gameover, Sphinx, Terdot, or the particularly new Silent Night. The last Trojan in this list is making its name by being one of the most costly options on the black market for spyware hiring, justifying the price tag with what malware experts rate as substantial upgrades to its structure and stealth characteristics. With attacks that vary according to its modules and extreme attention to code-hiding mechanisms, the Silent Night may remain 'the next big thing' on the banking Trojan marketplace for months to come.
Because it is hired out to third parties, the Silent Night's distribution model is nearly as flexible as its payload. Malware researchers confirm cases of browser exploit tools like the RIG Exploit Kit performing drive-by-downloads that deposit the Silent Night, as well as multiple tactics revolving around phishing e-mail attachments. Although the Silent Night's version numbers show limited iteration, the Trojan carries advantages over the old version of Keylogger Zeus, demonstrating the programmer's experience.
The Silent Night compartmentalizes most of its attacks into separate modules, most of which concern themselves with collecting browser information. Through them, it can record in-browser keystrokes, collect form-entered data, take screenshots, collect cookies and establish a proxy server. Both the Silent Night's core and its modular elements also have complex layers of obfuscation that essentially 'morph' the code to prevent threat-detecting tools from identifying it. This obfuscation is unusual for using a pre-compilation method, albeit one with a supposedly-static tool.
Clearing the Nightly Predators Off Your Bank Account
Some of the Silent Night's choices in structure and obfuscation suggest that the threat actor maintaining it, 'Axe' (also responsible for the lesser-known Axebot banking Trojan), is working off of Terdot as a template. However, these shared advantages don't weaken the Silent Night's self-obfuscating capabilities. Like all good banking Trojans, it also hides from users through memory injection and other exploits that limit the visibility of its processes and files.
Despite the variability of its business model, the Silent Night is consistent in targeting bank account-related data. Banking customers can protect themselves with fully-patched and reputable anti-malware services that remove the Silent Night before it exfiltrates passwords or other information.
Like Keylogger Zeus and Terdot, the Silent Night seems set to leave a long-lasting mark on both the banking Trojan industry and its victims throughout the world. As threat actors like Axe entrench their software-based defenses, bank customers will find it ever more critical that they not be taken unawares by the latest Trojan evolution.