Beta Bot

Beta Bot is a trojan that targets Windows OS and is designed to steal sensitive information such as login credentials from victims who use financial websites, eCommerce sites, online payment platforms, and social networking sites. Beta Bot does this by harvesting usernames and passwords from browser caches. Additional features include preventing victims from accessing security-related websites, disabling antivirus software, and detecting the presence of sandboxes and virtual machines. It is distributed via USB flash drives, Skype and, the Neutrino exploit kit and, most recently, malicious Microsoft Word documents. Once a system is infected, Beta Bot masquerades as a User Access Control (UAC) window asking the victim for permission to make changes to the computer. If the victim complies, malicious activity begins to occur on the infected system.

Reporting

  • September 2013: The FBI releases a Public Service Announcement warning potential victims of the Beta Bot trojan. (Federal Bureau of Investigation)
  • September 2016: Beta Bot begins delivering the Cerber ransomware variant in addition to stealing victims’ login credentials. (Dark Reading)

Technical Details

  • Invincea provides technical analysis of the most recent Beta Bot trojan campaign, including IoCs, here
 

One example of the Beta Bot trojan. Image Source: Invincea