Trojan.Neverquest
Posted: December 6, 2013
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 117 |
| First Seen: | December 6, 2013 |
|---|---|
| Last Seen: | February 9, 2023 |
| OS(es) Affected: | Windows |
The Neverquest Trojan, or Trojan-Banker.Win32/64.Neverquest, is a banking Trojan that has been seen in attacks targeting residents of Middle Eastern, Asian and European countries. Although it shouldn't be a shock to learn that the Neverquest Trojan, like all banking Trojans, steals bank login information, malware researchers were unhappily impressed to learn of just how many different banking sites were supported by the Neverquest Trojan's easily-expandable list, with a current count of over two dozen. Wielding a basic injection attack that's intended to steal your information as you enter it into copycat Web pages without disrupting your Web-browsing experience, the Neverquest Trojan is a particularly stealthy example of a high-level PC threat. In the event of an infection, anti-malware solutions always should be used for removing a Neverquest Trojan, and further measures may be needed to keep your bank information from being exploited in future attacks.
Why the Neverquest Trojan is Privy to Your Every Banking Request
The Neverquest Trojan, occupying the same illicit financial niche as Zeus and Bancos, is a banking Trojan-for-hire that is sold to third party criminals for stealing the banking information of any accessible victims. The Neverquest Trojan is clearly designed with international aspirations in mind, with multiple countries in diverse regions already affected by the Neverquest Trojan – even though the Neverquest Trojan is only using roughly one third of its capacity for targeted banking sites. Although the Neverquest Trojan may be installed by a related PC threat, such as a Zlob Trojan downloader, the Neverquest Trojan also includes functions to assist with its distribution. The most meaningful of these is the Neverquest Trojan's ability to steal FTP client credentials, allowing criminals to compromise the associated accounts and insert unreliable content that loads for visitors. The content, a variant of the Neutrino Exploit Kit, then installs the Neverquest Trojan and any other threats, as per its instructions.
However, the Neverquest Trojan's focus still is the compromise of bank accounts, which malware experts have seen taking place in a format that's something of a callback to the methods previously used by Zeus. Like Zeus, the Neverquest Trojan waits until an infected PC's browser loads a relevant banking site and then injects unsafe (but disguised) content. This content looks identical to that of the banking site's normal content – but may give any entered information, such as passwords or security question answers, to the criminals who rented the Neverquest Trojan in the first place.
Many popular social networking websites also are targeted by the Neverquest Trojan's account login-hijacking attacks.
Calling a Halt to a Neverquest Trojan's Quest for Your Money
As a high-level PC threat that may steal almost everything of value on your PC, the Neverquest Trojan's capacity for damage isn't to be underestimated, but the Neverquest Trojan doesn't display any major symptoms of its installation. A good anti-malware product should be able to detect the Neverquest Trojan, which first was identified in July of 2013. However, like most financial-based Trojans, the Neverquest Trojan is expected to have ongoing support, and updating your security software may be needed before a Neverquest Trojan can be detected or removed.
Besides the general protections that malware researchers find useful against an exploit kit's drive-by-downloads, you also may want to add good e-mail safety protocols to your PC's defenses. The Neverquest Trojan also uses a secondary distribution technique with disguised e-mail messages, pretending to be from legitimate companies, that carry archived file attachments that install a Neverquest Trojan when they're launched.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.