Citadel Trojan starts attacking Password Managers

It’s a discovery made by IBM’s Trusteer Researchers that cybercriminals are now using a new weapon to cause threat to your online security. In this new way of security breach, cybercriminals are using Citadel Trojan to compromise authentication solutions and password management.

 Citadel trojan

Generally the new-age applications ask for additional authentication apart from the password you have entered. These extra authentications are something hard to compromise; which includes digital signatures, software certifications and smart cards. These authentication solutions are powerful and often cannot be compromised. However, despite of these powerful solutions, security has been breached ever since cybercriminals have started using sophisticated malware such as Citadel Trojan to compromise these solutions and steal passwords.

About the discovery of the Citadel Trojan attacking the password managers, IBM says,

“Recently, IBM Trusteer researchers found a new configuration of Citadel that is being used to compromise password management and authentication solutions. It instructs the malware to start keylogging (capturing user keystrokes) when some processes are running.”

IBM talks about the Citadel Trojan,

“The Citadel Trojan is not new. It is a massively distributed malware that has already compromised millions of computers worldwide. Once Citadel installs on a machine, it opens communication channels with a command-and-control (C&C) server and registers with it. The malware then receives a configuration file that tells it how it should operate, which targets what to look for, what type of information to capture, which functions to enable and even provides information about alternative C&Cs that allow the attackers to take down an exposed C&C and still operate the malware from a new C&C. As long as the malware is communicating with the C&C, the configuration file can be updated with information about new targets, activities and C&C destinations.”

Who has configured the Citadel Trojan

Unfortunately, IBM Trusteer Researchers were not able to locate who was behind the configuration of Citadel Trojan. The researchers did find that the cybercriminals were using a legitimate web server as the C&C. However, the file was removed before the researchers could locate the file and the mastermind behind it.

What next…

It was a prediction by IBM in 2011 that by the year 2016, the usage of passwords to protect sensitive data will be reduced and it will be replaced by biometric data and biological identity such as DNA, voice files, iris scan and facial definitions. IBM has asked its vendors to make recommendations so as to protect their customers from such attacks.

You can read more about this attack on the blog post at Security Intelligence.

Posted by with Tags
Ankit Gupta is a writer by profession and has more than 7 years of global writing experience on technology and other areas. He follows technological developments and likes to write about Windows & IT security. He has a deep liking for wild life and has written a book on Top Tiger Parks of India.