Corkow Trojan

Posted: February 14, 2014

Threat Metric

Ranking: 4,314
Threat Level: 2/10
Infected PCs: 2,401
First Seen: February 14, 2014
Last Seen: October 17, 2023
OS(es) Affected: Windows


The Corkow Trojan is a multi-purpose spyware program with code partially 'borrowed' from Zeus. Like Zeus, the Corkow Trojan includes several different ways of stealing privileged information, with a focus on your Web browser activities, banking activities and, unusually, Bitcoin transactions. By the current numbers, Eurasia is at the greatest risk of new Corkow Trojan attacks, but malware experts find the Corkow Trojan to be just as potentially threatening when deployed against PCs throughout the world. Finding and removing any Corkow Trojan should involve advanced anti-malware software combined with appropriate security techniques, all of which may be necessary to prevent your personal information from being leaked to criminals.

The Russian Problem: a Spyware Role Reversal

Previously, malware researchers saw different cases of advanced spyware programs avoiding attacks against Russia, most likely as a way for criminal coders to avoid any legal issues while residing in that very nation. The Corkow Trojan has taken the exact opposite stance, with its campaigns centering, in large part, on victimizing residents of Russia, with Ukraine as a distant second. Corkow Trojans are designed with expandability in mind, allowing criminals to add extra components in a modular fashion. Criminals often use this design model to distribute and 'rent out' versions of their threat to third-party criminals, who may distribute and use them for monthly fees. Variants of Fareit and the Pony botnet are examples of some of the modules that the Corkow Trojan may support, in addition to its innate functions.

As far as its inherent features go, malware experts have seen some significant information-stealing capabilities from the Corkow Trojan, including:

  • The Corkow Trojan includes features for intercepting privileged financial information related to the iBank2 system (a financial transaction system most prominent in Russia and neighboring countries).
  • Further targeting Russia, the Corkow Trojan also has a second module intended to compromise independent banking utilities for Sberbank.
  • However, the Corkow Trojan also has more general interests than banking data. The Corkow Trojan collects your browser history, Web search terms and other Web browser-based information.
  • Like any other advanced banking Trojan, the Corkow Trojan also has a keylogger function that lets it capture typed information. This feature, while semi-redundant, also gives the Corkow Trojan access to any data that it may have missed with the other, more specific functions.

The Sleeping Spyware Awakens

The Corkow Trojan also has several functions besides the primary attacks listed above and shows some signs of being interested in targeting users of Bitcoin wallets, as well as Google Play developers. Another interesting quirk is the fact that, despite being several years old, the Corkow Trojan campaign experienced an extreme slump in the middle of 2012. However, that slump has long since subsided, and its purpose remains a mystery to be unraveled when its coders are, hopefully, brought to justice. Along with all of its aggressive features, the Corkow Trojan also includes features meant to block it from being detected by both casual PC users and advanced threat analysis setups, and you shouldn't anticipate being able to notice a Corkow Trojan infection by eye.

With the Corkow Trojan including all of the usual risks of high-level spyware, along with some new dangers of its own, you should act to block and remove any Corkow Trojan from your PC as fast as possible. Rebooting through a safe USB device and then using updated anti-malware software to delete the Corkow Trojan completely is strongly advised. As a follow-up, malware experts would suggest modifying passwords and any information that may have been stolen by the Corkow Trojan prior to its exit from your machine.

Technical Details

Additional Information

The following URLs were detected:
mychapchap.ru