July 24, 2013 — CSO — With the major developers of banking malware laying low, a new crook on the block has emerged gunning to be top dog in the market.
The developer's new malware is called KINS, and he's selling it for $5,000 a pop, although that price is likely to climb if the malware is a good as he brags it is.
"[KINS is] a new professional-grade banking Trojan that is very likely taking its first steps in the cybercrime underground and could be poised to infect new victims as quickly and effectively as its Zeus, SpyEye and Citadel predecessors," Limor Kessem, a cybercrime specialist with RSA, the security division of EMC, wrote in a blog post on Tuesday.
The Trojan is entering the market at an opportune time, as developers of such major banking malware have either retired, gone into hiding or otherwise removed their skills from the open market.
"There aren't any major commercial Trojans in the underground for sale right now," Kessem said in an interview. "KINS will probably be the next Trojan that will take over."
In a message posted to a Russian language underground forum and translated by RSA, KINS' developer said the malware has been developed from scratch and not a modification of another product. Nevertheless, RSA found a number of similarities between it and previous Trojans.
For example, like Zeus and SpyEye, the malware has a main file and DLL-based plug-ins. One plug-in is already available for $2,000, according to the malware developer's forum posting, to counter Rapport, a popular fraud protection program currently used by banks.