The modular CoreBot malware has risen in sophistication almost overnight through the application of new banking data theft capabilities.
Last month, researchers from IBM Security X-Force explained
the inner workings of CoreBot, a strain of malware with an inbuilt modular design. While not sophisticated and fairly basic at the time, the malware caught the eye of researchers due to the future risks it could represent.
CoreBot differs from standard malware as the code allows the bolt-on of additional mechanisms, ranging from endpoint control and data theft modules to fresh exploits taking advantage of zero-day vulnerabilities.
After infecting a system, the malware uses a dropper to write the malware file and implant itself through a Windows Registry Key. At the time, the only module within CoreBot related to password theft through an Internet browser.
