Trojan.Bankapol
First posted on 29 January 2016.
Source: Symantec
Aliases :
There are no other names known for Trojan.Bankapol.
Explanation :
The Trojan may be dropped by Trojanized installers.
When the Trojan is executed, it creates the following file:
%UserProfile%\Application Data\Mozilla\Firefox\Profiles\[USER ID].default\extensions\jid1-ruV7VAC61k9bqA@jetpack.xpi
The Trojan is installed as a Firefox add-on called "Firefox Google Search 30.01".
The Trojan then connects to the following remote locations:
[http://]131.72.138.153/js.[REMOVED]
[http://]jserv.in/js.[REMOVED]
The Trojan may then perform the following actions:
Download additional scripts
Capture screenshots of the web browser and send them to the attackers
Last update 29 January 2016
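The file name and add-on name given above can be checked for across every Firefox profile on a host. The following is an added example, not part of the original write-up or of any vendor tool: `scan_profiles` and `demo` are hypothetical names, the `extensions.json` layout (an `addons` list with `id` and `defaultLocale.name`) is an assumption about the Firefox profile format, and the profile tree in `demo` is constructed.

```python
import json
import tempfile
from pathlib import Path

ADDON_ID = "jid1-ruV7VAC61k9bqA@jetpack"      # from the file name in the write-up
ADDON_NAME = "Firefox Google Search 30.01"    # add-on name from the write-up

def scan_profiles(profiles_root):
    """Return (profile, reason) hits for every Firefox profile under profiles_root."""
    hits = []
    root = Path(profiles_root)
    if not root.is_dir():
        return hits
    for profile in sorted(p for p in root.iterdir() if p.is_dir()):
        ext_dir = profile / "extensions"
        if ext_dir.is_dir():
            for entry in sorted(ext_dir.iterdir()):
                # Packed (.xpi) or unpacked (directory) form; case-insensitive for NTFS.
                if entry.name.lower() in (ADDON_ID.lower() + ".xpi", ADDON_ID.lower()):
                    hits.append((profile.name, f"file:{entry.name}"))
        registry = profile / "extensions.json"  # assumption: Firefox add-on registry
        try:
            addons = json.loads(registry.read_text(encoding="utf-8")).get("addons", [])
        except (OSError, ValueError, AttributeError):
            addons = []  # missing, unreadable or unexpected registry: rely on file check
        for addon in addons:
            name = (addon.get("defaultLocale") or {}).get("name", "")
            if addon.get("id") == ADDON_ID or name == ADDON_NAME:
                hits.append((profile.name, f"registry:{addon.get('id')}"))
    return hits

def demo():
    """Build a constructed profile tree (placeholder bytes, no malware) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        infected = Path(tmp, "ab12cd34.default", "extensions")
        infected.mkdir(parents=True)
        (infected / (ADDON_ID + ".xpi")).write_bytes(b"constructed placeholder")
        Path(tmp, "ab12cd34.default", "extensions.json").write_text(json.dumps(
            {"addons": [{"id": ADDON_ID, "defaultLocale": {"name": ADDON_NAME}}]}))
        Path(tmp, "ef56gh78.clean", "extensions").mkdir(parents=True)
        return scan_profiles(tmp)

if __name__ == "__main__":
    for profile, reason in demo():
        print(profile, reason)
```

On a real host, pass the `Profiles` directory from the path above to `scan_profiles`, once per user account.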