Trojan-Banker.Win32.BifitAgent

Trojan-Banker.Win32.BifitAgent is a banking Trojan – a Trojan that steals financial information and uses any accessible bank account's Web interface to initiate fraudulent transactions. Specifically designed to compromise banks using Bifit-protected technology, Trojan-Banker.Win32.BifitAgent has warranted interest from SpywareRemove.com malware researchers and other industry experts as a consequence of its employment of advanced techniques to initiate its attacks, conceal itself and maintain its various components. Even though Trojan-Banker.Win32.BifitAgent doesn't show any symptoms of its thieving actions, Trojan-Banker.Win32.BifitAgent is a high-level threat to any computer that engages in online banking activity, and anti-malware applications should be used to delete Trojan-Banker.Win32.BifitAgent as quickly as possible after any infection occurs.

Trojan-Banker.Win32.BifitAgent: Taking Your Money with Invisible Hands

Trojan-Banker.Win32.BifitAgent is designed to transfer your banking information – and the cash that's associated with your bank account – to criminals, with current Trojan-Banker.Win32.BifitAgent infections rising at a slow but steady rate. Currently the estimated victims of Trojan-Banker.Win32.BifitAgent attacks are in the triple digits, and SpywareRemove.com malware researchers note that Trojan-Banker.Win32.BifitAgent most likely is installed on machines that have been confirmed to engage in Bifit-based banking activities.

Trojan-Banker.Win32.BifitAgent is modular in nature and uses several components to circumvent various security features (including ones that are specific to Java). Some of Trojan-Banker.Win32.BifitAgent's components are obfuscated to hinder their detection and analysis, and Trojan-Banker.Win32.BifitAgent regulates the launching of these components, as well as keeping logs of their activities.

The main function of Trojan-Banker.Win32.BifitAgent is to create fraudulent transaction data, which Trojan-Banker.Win32.BifitAgent does by monitoring your web browser activities and then interfering with any data transfers to Bifit-using bank sites. SpywareRemove.com malware experts stress that this fake transaction data is transferred to the bank directly through Java-based attacks that don't display themselves to the user of a Trojan-Banker.Win32.BifitAgent-infected PC. Thus, Trojan-Banker.Win32.BifitAgent is capable of emptying your bank account without so much as tipping you off to the heist while it happens.

Don't Play the Middleman in Trojan-Banker.Win32.BifitAgent's Cyberspace Robbery

Trojan-Banker.Win32.BifitAgent also uses a (previously valid, but currently revoked) digital certificate that was stolen from a legitimate company. Digital certificates often are used to verify the safety of various programs, but, as SpywareRemove.com malware experts also have seen in other cases, also can be hijacked and exploited by malicious software like Trojan-Banker.Win32.BifitAgent.

Trojan-Banker.Win32.BifitAgent doesn't distribute itself, and, unlike many other PC threats, hasn't shown any tendency towards being distributed by exploit kits. Current Trojan-Banker.Win32.BifitAgent attacks appear to be the result of other infections with downloading functions, such as the Sality virus, the DNSChanger browser hijacker and/or variants of Shiz (a backdoor Trojan).

To remove Trojan-Banker.Win32.BifitAgent and the other Trojans that most likely put Trojan-Banker.Win32.BifitAgent on your hard drive in the first place, good anti-malware software always should be resorted to before any other measures. Once Trojan-Banker.Win32.BifitAgent is removed, SpywareRemove.com malware researchers also recommend contacting your bank and making sure that no unusual cash transfers have taken place.

Technical Details