(also CoreBot malware)
CoreBot is a banking Trojan that was first identified in 2015. It targets Windows systems and is built to steal online banking users' sensitive information, particularly login credentials and financial data.
CoreBot can capture keystrokes, take screenshots, and inject code into web browsers (so-called web injects). Through those injects it intercepts and manipulates the user's interactions with banking websites, for example by altering the page the victim sees or capturing what they type into it.
CoreBot key characteristics
- Distribution. CoreBot typically spreads through exploit kits, malicious email attachments, social engineering, and compromised websites.
- Functionality. Once it infects a system, CoreBot establishes persistence by modifying system files and registry entries so that it runs again after a reboot. It also employs evasion techniques intended to keep security software from detecting it.
- Remote Access and Control. CoreBot provides its operators with remote access and control capabilities. This allows criminals to execute commands remotely, update the malware’s configuration, and download additional modules or payloads onto infected systems.
- Information Theft. CoreBot focuses on stealing sensitive information related to online banking, including login credentials, account numbers, and financial data. It achieves this through keylogging, form-grabbing, and screen-capturing techniques.
- Botnet Capabilities. Each infected machine connects back to a command-and-control (C2) server, which lets the attackers manage the compromised systems collectively as a botnet rather than one at a time.
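The persistence behaviour described above suggests a practical check. The following PowerShell script is an added example, not code from the original page and not a set of CoreBot-specific indicators: it audits the common registry autorun locations that commodity banking Trojans use to survive reboots and flags entries that run from user-writable directories, are unsigned, or point at a file that no longer exists. The key list and the list of "suspicious" directories are general-purpose assumptions chosen for this example.

```powershell
# Added example (not from the original page or from any CoreBot analysis).
# Audits registry autorun keys and flags entries that look like a dropped payload.
# The key list and directory list are general assumptions, not CoreBot IOCs.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Directories an unprivileged user (and therefore malware running as that user) can write to.
$userWritableRoots = @(
    $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP,
    "$env:USERPROFILE\Downloads", 'C:\ProgramData', 'C:\Users\Public'
) | Where-Object { $_ }

# Properties PowerShell adds to every Get-ItemProperty result; they are not registry values.
$psNoise = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-TargetPath {
    param([string]$Command)
    # Pull the executable path out of a Run-key command line: quoted path, else first token.
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    return (($Command.Trim()) -split '\s+')[0]
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -in $psNoise) { continue }
        $target = Get-TargetPath ([string]$p.Value)
        if (-not $target) { continue }

        $inUserWritable = $false
        foreach ($root in $userWritableRoots) {
            if ($target.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
                $inUserWritable = $true
            }
        }

        $exists = Test-Path -LiteralPath $target
        $signedValid = $false
        if ($exists) {
            # A valid Authenticode signature is a weak but useful signal; unsigned droppers are common.
            $sig = Get-AuthenticodeSignature -FilePath $target
            $signedValid = ($sig.Status -eq 'Valid')
        }

        [PSCustomObject]@{
            Key          = $key
            Name         = $p.Name
            Target       = $target
            UserWritable = $inUserWritable
            SignedValid  = $signedValid
            Exists       = $exists
        }
    }
}

# Anything that runs from a user-writable directory, is unsigned, or whose binary is missing
# deserves a closer look; legitimate software usually runs signed from Program Files.
$findings |
    Where-Object { $_.UserWritable -or -not $_.SignedValid -or -not $_.Exists } |
    Format-Table -AutoSize
```

Run it in an elevated PowerShell session so the HKLM keys are readable; treat the output as a triage list rather than a verdict, since plenty of legitimate updaters also run unsigned from AppData. The script covers only registry Run keys; a fuller sweep would also look at scheduled tasks, services, and startup folders, which the Sysinternals Autoruns tool enumerates.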