The FBI began warning users about the Beta Bot Trojan this week, sounding the alarm about malware that targeted online payment platforms and financial institutions.
Criminals have begun using the Trojan to block victims’ access to security websites, disable antivirus programs and trick them into giving hackers access to their computers, according to an intelligence note prepared by the Internet Crime Complaint Center (IC3).
The malware has been popping up on user’s computers in the form of a Microsoft Windows message box, the FBI said. When asked if users want to run a program, “Windows Command Processor,” users end up urged not to click “Yes.” The “User Account Control” box claims to just want to make changes to the computer but in actuality will allow hackers to “exfiltrate data from the computer,” including log-in credentials and financial information.
The malware has also been propagating on the popular messaging platform Skype and across USB thumb drives, according to the warning.
While the FBI refers to Beta Bot as new, the malware surfaced at the beginning of the year as an HTTP bot and later expanded its capabilities that spring, according to RSA’s Limor Kessem, who described it as a type of rootkit-based financial malware in May.
The FBI never thought Beta Bot was that sophisticated, so it remains unclear if the warning coincides with a new rash of Beta Bot infections or a new set of technical capabilities for the malware.