Welcome to the Virus Encyclopedia of Panda Security.
It obtains data from several online services, as it prevents users from accessing the legitimate website of their bank and at the same time it displays a false website when users log in them.
|First detected on:||March 13, 2006|
|Detection updated on:||March 14, 2006|
Banker.CHG is a Trojan that obtains data from several online services. In order to do so, it follows the routine below:
- It monitors if users access websites belonging to several banking entities.
- If users enter their data in order to log in any of them, Banker.CHG prevents users from accessing them.
- Instead, it displays a false website that imitates the original one.
- If users enters their data again thinking that there has been an error, Banker.CHG obtains confidential user data, such as username and password.
- Then, it sends the data it has gathered using the POST method of the HTTP protocol to certain URLs.
Banker.CHG does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer.
Banker.CHG is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.