Products have updated versions and Trojans are no different. So it is no surprise the developers of the Citadel Trojan just released the 126.96.36.199 Rain Edition.
The new variant is more expensive than the previous edition, $3,391 up from $2,399, but it also comes with new features.
One is the “Dynamic Config,” which allows botmasters to interact faster with their victims via browser injection technology, said researchers at security company RSA.
“This nifty function allows Trojan operators to create web injections and use them on the fly, pushing them to selected bots without the hassle of pushing/downloading an entire new configuration file,” said RSA’s Limor Kessem.
“Citadel-infected machines are going to have an instruction to reach out to the C&C every 2 minutes and update themselves with a predefined file where injection ‘packs’ will be ready to go. The whole system will be managed by a clever distribution mechanism dictating which injection(s) go to which bot or group of bots,” he said.