The modular Trojan is being offered to criminals as an alternative to Zeus

Researchers from RSA’s Fraud Team have discovered a new Trojan that’s being offered to criminals as an alternative to Zeus. The modular kit, called Pandemiya, goes for $1,500 USD for the core application.

An extra $500 USD will get the core application as well as its plugins, which include a reverse proxy, FTP stealer, and PE infector (for system startup).

Unlike similar offerings, this new tool for criminals doesn’t recycle any of the previously leaked Zeus code. RSA says that the developer behind it spent more than a year creating it, and it consists of more than 25,000 lines of original code in C.

The core function of the malware is data theft, as it’s designed to steal information from an infected system, including login credentials and files. It can also take screen captures of the victim’s system and inject content into the victim’s browser. Furthermore, it includes protective measures that help avoid detection. One of the protections offered by Pandemiya’s author is the signing of the botnet files, which will keep the botnet from being hijacked by other criminals, as well as protect it from being analyzed by researchers and law enforcement.

Pandemiya also has an experimental feature that promises an infection vector via Facebook, but RSA’s researchers didn’t say if this actually works. If it does, then it’s probable that there could be a revival of Koobface-like infections should Pandemiya take off. A second experimental feature is a reverse hidden RDP module, but like the Facebook module, it isn’t clear if this actually works.

As far as sales go, it isn’t clear how many copies of the Trojan have been purchased, but criminals are likely to use a new alternative to Zeus if it’s proven to work. However, RSA speculates that criminals are holding off on leveraging the new Trojan due to its high cost.

Should it start to sell in higher volumes, Pandemiya could become the main payload for crime kits going forward, which are the usual infection vector for commercial Trojans.

“The advent of a freshly coded new Trojan malware application is not too common in the underground. The design choice to make this malware modular and easy to expand upon with DLL plugins could make it more pervasive in the near future,” explained RSA’s Eli Marcus.

“However, the relatively high entry price or the anonymity of this application have so far prevented it from wide distribution. Only time will tell if its popularity rises. We’ll be keeping an eye on its development.”