The Osiris Banking Trojan Is Replaced By The Ares Malware


The creator of the banking Trojan Osiris ceased activity in March this year, citing a lack of interest in Trojans in the cybercrime sphere. For the past three years, a developer using the pseudonym Anubi has provided access to the Trojan to groups of cybercriminals.


But just as Anubi announced he was ending his operations, cybersecurity experts at Zscaler discovered a new banking Trojan called Ares, developed from the old Kronos codebase and resembling the Osiris Trojan. It is currently unclear whether Anubi was involved in the creation of the Trojan or whether he transferred the codebase to a new developer.


According to experts, the link between the three malware families (Kronos, Osiris and Ares) is more than obvious, although the Ares code is in its early stages of development. The code contains several errors and unreferenced code segments. Presumably they are used for debugging purposes.


Osiris, an updated and improved version of the Kronos malware, infected Windows computers and injected malicious code into web browsers to steal e-banking credentials and alter banking transactions. The malware used advanced rootkits to maintain persistence on infected systems, and could also steal credentials from several local applications and send them to the C&C server.


The banking Trojan has become less and less used among cybercriminal groups. The last major spam campaign spreading a version of the Osiris Trojan was recorded in January this year and targeted users from Germany.

