Tatanga Trojan
Posted: May 17, 2012
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 5 |
| First Seen: | May 17, 2012 |
| Last Seen: | July 20, 2022 |
| OS(es) Affected: | Windows |
Tatanga Trojan is a banking Trojan that was originally detected in 2011, and as of mid-2012 it remains a viable, actively distributed PC threat with a high level of sophistication and a dangerous payload. The Tatanga Trojan uses 'man-in-the-browser' (MitB) attacks to modify web pages for popular banks, which can result in the victim accidentally giving Tatanga Trojan confidential bank account information or even unintentionally partaking in fraudulent money transfers. Because Tatanga Trojan combines a multiple-component module system with rootkit-based stealth techniques, SpywareRemove.com malware researchers discourage attempts to find or delete Tatanga Trojan without help from very powerful anti-malware products or experts in PC security. The only initial symptom of a Tatanga Trojan attack is a web browser-based prompt to sign up for a bank account insurance service that supposedly protects against online fraud – ironically, the exact thing that Tatanga Trojan is designed to accomplish.
Tatanga Trojan – Don't Mistake This Trojan for a Harmless Video Game Character
The Tatanga Trojan, which appears to have derived its name from the cast of a 1989-era platform game, is similar to EyeStye (or EyeSpye) banking Trojans that are also capable of spoofing legitimate bank-related online functions and services to enable fraudulent bank account attacks. Unlike most banking Trojans that strive to avoid notice, Tatanga Trojan tries to get its victims' attention by using a 'ModDynamicInjection' component to alter the display of a bank website as Tatanga Trojan is loaded. Tatanga Trojan can vary the exact type of HTML page alterations depending on the bank that the victim uses. It may simply strip off data transmission security (while spoofing it so that there aren't obvious signs of this occurring) to steal information, or it may alter the page to display unusual requests for additional info. Among the latter attacks, the most prominent example is a fake bank account insurance feature that, if used, will transfer up to five thousand Euros (or the equivalent in other currencies) from the target's account to a money-mule account.
SpywareRemove.com malware researchers note that current versions of Tatanga Trojan appear to target native Spanish speakers, although the Tatanga Trojan's module-based and configurable structure could also allow Tatanga Trojan to attack a different range of banks and potential victims. Although Tatanga Trojan alters the HTML page as it's loaded into your web browser, this attack doesn't consist of a direct hacking action against the bank website itself and is unlikely to be detected by your bank (other than by generic security procedures that protect against suspicious money transfers, etc.). It's also been confirmed that Tatanga Trojan can function in all popular brands of web browsers and even some of the unpopular ones like Minefield, Chrome and Netscape.
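The two page alterations described above (extra requests for information and stripped transport security) can be checked for by comparing a form as the bank served it with the form as it appears in the browser. The following is an added example, not code from SpywareRemove.com or any bank; the function names, field names and markup are constructed for illustration, and a check running on an infected machine can itself be tampered with.

```javascript
// Added example: all names and sample markup below are constructed.

// Extract the first <form> action and the named input fields from HTML.
// A regex scan keeps the sketch short; a real check would walk the live DOM.
function describeForm(html) {
  const action =
    (html.match(/<form\b[^>]*\baction\s*=\s*["']([^"']*)["']/i) || [])[1] || "";
  const fields = new Set();
  const inputRe =
    /<(?:input|select|textarea)\b[^>]*\bname\s*=\s*["']([^"']+)["']/gi;
  let m;
  while ((m = inputRe.exec(html)) !== null) fields.add(m[1]);
  return { action, fields };
}

// Report differences that match the alterations the article describes.
function findInjectionSigns(servedHtml, renderedHtml) {
  const served = describeForm(servedHtml);
  const rendered = describeForm(renderedHtml);
  const findings = [];
  for (const name of rendered.fields) {
    if (!served.fields.has(name)) findings.push(`unexpected field: ${name}`);
  }
  for (const name of served.fields) {
    if (!rendered.fields.has(name)) findings.push(`missing field: ${name}`);
  }
  if (rendered.action !== served.action) {
    findings.push(`form action changed: ${served.action} -> ${rendered.action}`);
  }
  if (served.action.startsWith("https://") &&
      !rendered.action.startsWith("https://")) {
    findings.push("form no longer submits over HTTPS");
  }
  return findings;
}

// Constructed sample: the login form as served, and a tampered rendering.
const SERVED = `<form action="https://bank.example/login" method="post">
  <input name="user"><input name="password" type="password"></form>`;
const RENDERED = `<form action="http://bank.example/login" method="post">
  <input name="user"><input name="password" type="password">
  <input name="card_pin"><input name="mobile_number"></form>`;

console.log(findInjectionSigns(SERVED, RENDERED));
```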
Why Spying Tatanga Trojan with Your Little Eye Might Be a Rough Job
Tatanga Trojan uses rootkit-level attacks to conceal its presence by loading its files into normal system components, just as it loads its browser attacks into normal HTML pages. These files are encrypted by default and are only decrypted once they're loaded into your computer's memory, which may make it difficult for some anti-malware programs to detect Tatanga Trojan – particularly if they don't have all available threat database updates. Chances are high that current versions of Tatanga Trojan are only mid-development stepping stones on the way to an even more advanced version of this banking Trojan, and you should never try to find or remove Tatanga Trojan without help from the most robust anti-malware products that are available.
Other side features that SpywareRemove.com malware analysts have found in Tatanga Trojan (as though stealing your bank account was not, by itself, enough of a peril) include:
- Collecting e-mail addresses to be exploited for other attacks.
- Disabling your anti-virus software (which may necessitate disabling Tatanga Trojan before you can delete Tatanga Trojan).
- Blocking downloads of anti-fraud software, including Trusteer-brand products.
- Finally, Tatanga Trojan may also enable a limited amount of control over your PC via a C&C server, in the style of a backdoor Trojan attack.