New variant of Pinch Trojan detected with 4000 users already infected

News by Dan Raywood

A new variation of the Pinch Trojan has been detected by Prevx.



Director of malware research Jacques Erasmus claimed that the Trojan is still infecting users despite its creators being arrested more than a year ago. Data also showed that more than 4000 users had been infected yesterday from one variation.


Of the 4,000 people infected, 392 are from the USA, 335 from Brazil, 93 from China and 73 from the UK. The data also shows that out of the 4,000 people infected, more than 150 were already running active anti-virus software, underlining the fact that despite the source code being over a year old, it is still bypassing traditional signature-based anti-virus.


Prevx has reported the location distributing the malware to the relevant ISP, and that location has subsequently been shut down.


Erasmus said: “This data is an interesting insight into the modern world of the malware developer. By simply buying the software kit off the internet and adding a few custom tweaks, the owner of this particular variation is managing to get round major anti-virus software and stealing people's credit card details, passwords and other personal information.


“The code to create this Trojan has been on forums and passed around; I have seen two to three versions a day created and tested out, either on virus websites or on our products.”


He claimed that the Pinch Trojan has a few specific features, notably that it will infect both Internet Explorer and Firefox to monitor and collect passwords and credit card details. From a corporate perspective, it can steal technical services and remote credentials, and can log in to the network using these details.


Erasmus said: “This is only one variant of it, and there are a large number of possibilities for other versions. Anyone trying to make a business out of malware can simply get the code and give it a try.


“It just goes to underline that the signature-based approach is not enough - what is needed is a complementary anti-virus approach which can detect malware using a different technique. Only by taking this approach can people catch these latest types of malware.”

