
Threat Group Cards: A Threat Actor Encyclopedia

Tool: Karius

Names: Karius
Category: Malware
Type: Banking trojan, Info stealer, Credential stealer
Description: (Check Point) The Check Point Research team recently came across one such banking Trojan under development and already being distributed through the RIG Exploit Kit. Dubbed ‘Karius’, the Trojan aims to carry out web injects to add additional fields into a bank’s legitimate login page and send the inputted information to the attacker.

While Karius is not yet in full infection mode, initial tests have already been made and our research below shows the evolution of how such malware takes place. Our analysis also shows how banking trojans such as Karius are put together and make use of code from other well-known bankers such as Ramnit, Vawtrak and TrickBot.
Information:
<https://research.checkpoint.com/2018/banking-trojans-development/>
<https://dissectmalware.wordpress.com/2018/03/28/multi-stage-powershell-script/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.karius>

Last change to this tool card: 23 May 2020


All groups using tool Karius

Changed | Name | Country | Observed

Unknown groups

[ Interesting malware not linked to an actor yet ]

1 group listed (0 APT, 0 other, 1 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
