Terdot is a banking trojan that can also be used to steal information or as a backdoor. It first appeared in October 2016 but grew in sophistication during the latter half of 2017. It is based on the Zeus banking trojan, reusing its source code and adding new capabilities. Terdot can run a local Man-in-the-Middle proxy server to sniff and reroute web traffic, and it can also use a browser injection function to steal credentials and to download and execute files from a remote server. To evade detection, it performs its functions through legitimate tools, which are often whitelisted. Additionally, this trojan uses a Domain Generation Algorithm (DGA) to generate domains for its C2 server, making it more difficult to track, block, and infiltrate.
- Bitdefender has published a technical analysis of Terdot.