Welcome to the Virus Encyclopedia of Panda Security.
It consists of two components. One downloads the other, which logs the keystrokes typed by the user to obtain information and then, sends the data it collects. It can be distributed in a message sent via email.
|First detected on:||Oct. 3, 2005|
|Detection updated on:||Oct. 29, 2007|
|Yes, using TruPrevent Technologies
Banker.AXW is a Trojan that consists of two different components. The first one ends several processes belonging to security tools and attempts to download the second component from a website.
On the other hand, this second component monitors the windows whose title bar contains certain text strings , mostly related to banking entities. Then, it logs the keystrokes entered in those windows and it also the keystrokes typed by users if they access their PayPal account, so that it can capture passwords and other sensitive data.
This Trojan uses several PHP scripts in order to send the information it has gathered.
Banker.AXW does not spread automatically by its own means. However, it can be distributed in a message sent via email.
Banker.AXW is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.
However, it has been observed that Banker.AXW may be distributed in a message sent via email. For example, one of these messages is written in Spanish with the subject Su Acceso De la Cuenta Declino! and the attached file PP-083-542-594.JPG.EXE.