The hostname “https://wxxach-sy.eu” is where we uncovered 5.GB of personal data stolen from Italian users. The host is the command-and-control (C&C) center of a private botnet, able to control the infected machines (“zombies”). The malware's main functions are keylogging and screenshot capture, triggered by detection of the keywords “BANK” and “BANCA”. The backend was password protected, and all the logs of stolen data were encrypted. The malware could receive live commands from the C&C center. The command list we analysed focused on information stealing, specifically login details for bank accounts.
This research is also published in the ABILab report:
Bollettino ABILab CommValley Aprile 2014