Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)
Computer Emergency Response Team of Mauritius>The Vawtrak malware uses steganography to hide update files

The Vawtrak malware uses steganography to hide update files

A new powerful variant of the “Vawtrak” malware, also known as “Neverquest” or “Snifula” has been discovered in the wild. According to malware researchers, “Vawtrak” is one of the most dangerous malicious codes that is threatening systems worldwide. The malware is a financial malware and has new features which enable it to send and receive data through encrypted favicons spread over the anonymizing Tor network. “Vawtrak” uses steganography to hide the update file in the favicons; each favicon is approximately 4 kB. “Vawtrak” implements injections mechanisms and API Hooking in order to steal financial information, FTP credentials, private keys and execute banking transactions from victim’s PC hiding its activities. The variant of Vawtrak detected able to run man-in-the-middle attacks and grab videos and screenshots from the compromised host. The infections of the “Vawtrak” malware are most prevalent in the Czech Republic, USA, UK, and Germany.
Read More:
Security Affairs
Help Net
Team Cymru
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis