ESET Uncovers Advanced "Hesperbot" Banking Trojan Targeting Europe and Asia

Sep 06, 2013, 12:00 ET from ESET

SAN DIEGO, Sept. 6, 2013 /PRNewswire/ -- ESET, the global leader in proactive digital protection with a record of 10 consecutive years of VB100 awards for its award-winning NOD32® technology, today announced  the discovery of a new and sophisticated banking trojan targeting online banking users in Europe and Asia. This newly revealed and very potent banking malware, dubbed Hesperbot, is spreading via phishing-like emails, and attempts to infect mobile devices running Android, Symbian and Blackberry operating systems.


Based on LiveGrid® data – the cloud-based malware collection system developed by ESET – hundreds of infections have been detected in Turkey, as well as dozens in the Czech Republic, United Kingdom and Portugal. Several victims have already been robbed of financial assets.

Detected as Win32/Spy.Hesperbot, the malware uses keylogger capabilities, can create desktop screenshots and video capture, as well as set up a remote proxy. Advanced techniques include creating a hidden remote connection to the infected system.

"Analysis of the threat revealed that we were dealing with a banking trojan, with similar functionality and identical goals to the infamous Zeus and SpyEye," said Robert Lipovsky, ESET malware researcher. "But significant implementation differences indicated that this is a new malware family, not a variant of a previously known trojan. ESET products like ESET Smart Security and ESET Mobile Security protect against this malware."

The attackers aim to obtain login credentials by sending emails seeming to originate from credible organizations. Once they have obtained access to the victim's bank account, they try to install a mobile component of the malware on their Symbian, Blackberry or Android phone.

The Czech malware campaign started on August 8, 2013. The attackers registered a domain which is very close to the actual website of the Czech Postal Service.

"It's probably not surprising that the attackers tried to lure potential victims  to  open the malware by sending phish-like emails resembling parcel tracking information from the Postal Service," said Lipovsky. "This technique has been used many times before." The Czech Postal Service responded very quickly to the threat by issuing a warning about the scam on their website.

One of the countries most affected by this banking trojan is Turkey, with Hesperbot detections there dated even earlier than August 8. Recent peaks in botnet activity were observed in Turkey in July 2013, but ESET has also found older samples that go back at least to April 2013.  Phishing e-mail sent to potential victims seemed to be invoices. A variant of the malware has also been found in the wild targeting computer users in Portugal and the United Kingdom.

Detailed analysis of this malware can be found at – the ESET news platform featuring analysis of the latest cyber threats.

About ESET

ESET®, the pioneer of proactive protection and the maker of the award-winning NOD32® technology, is a global provider of security solutions for businesses and consumers. For over 25 years, the Company continues to lead the industry in proactive threat detection. By obtaining the 80th VB100 award in June 2013, ESET NOD32® Antivirus holds the record number of Virus Bulletin "VB100" Awards, and has never missed a single "In-the-Wild" worm or virus since the inception of testing in 1998. In addition, ESET's NOD32® technology holds the longest consecutive string of the VB100 awards of any other AV vendor. ESET has received a number of accolades from AV-Comparatives, AV-TEST and other organizations. ESET NOD32® Antivirus, ESET Smart Security®, ESET Cyber Security® (solution for Mac), ESET® Mobile Security and IT Security for Business are trusted by millions of global users and are among the most recommended security solutions in the world.

The Company has global headquarters in Bratislava (Slovakia), with regional distribution centers in San Diego (U.S.), Buenos Aires (Argentina), and Singapore; with offices in Jena (Germany), Prague (Czech Republic) and Sao Paulo (Brazil). ESET® has malware research centers in Bratislava, San Diego, Buenos Aires, Singapore, Prague, Košice (Slovakia), Krakow (Poland), Montreal (Canada), Moscow (Russia) and an extensive partner network for more than 180 countries.