Revamped Neverquest Banking Trojan Now Targets Bitcoin Commerce Sites

Banking Trojan developers have been growing an interest in the world of Bitcoin and cryptocurrency as of late. Neverquest, a popular banking Trojan that made quite a name for itself, has been updated to a new version. Although bank and governmental websites remain the primary target, the Trojan will now also try to inflict damage upon Bitcoin commerce sites.

Neverquest Goes After The Bitcoin Sites Too

As if banking Trojans are not annoying enough to deal with, they also get updated to a new version by the time proper countermeasures for the first generation are established. Neverquest, a very prolific banking Trojan, has received some significant modifications that make it a serious threat. Security experts even go as far as calling it Neverquest2.

Among the new features are plugins that can deliver 266 web-inject rules. By targeting specific websites, mainly banking and government agencies, the developers hope to cause a lot of damage. The first iteration of Neverquest stole millions of dollars from bank accounts all over the world. There is no telling how powerful this new version may be.

What is rather intriguing is how the updated source code will also target Bitcoin commerce sites. It is the first time Neverquest malware will go after cryptocurrency-related platforms. Keeping in mind how the Trojan injects extra fields into targeted web forms to retrieve sensitive information, site owners are hereby warned.

Infected computers will also be subject to remote access and arbitrary code execution. A VNC server can be installed on infected hosts, allowing attacks to log into the system whenever they want. Details that are accessible include a full browsing history and the webcam feed. As the hackers have administrator access, they can do whatever they want, though.

It appears users who rely on online Bitcoin wallets have something else to fear. Neverquest2 can steal certificates stored on a computer. This includes private keys, browser profiles, cookies, and browser cache entries. It is safe to assume any passwords cached in the browser will also be vulnerable.

Image credit 1

If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.