Vawtrak malware updated to break tools used by researchers

News by Jeremy Seth Davis

A new version of banking malware includes updates that break tools typically used by security researchers to analyse the Vawtrak trojan.

A new version of banking malware includes updates to the Vawtrak trojan that break tools typically used by security researchers to analyse the malware, according to a report. The malware continues to be actively developed, John Shier, senior security advisor at Sophos, told

A new version of the banking malware, referred to by researchers at SophosLabs as ‘Vawtrak version 2’, contains added “features” targeting new victims and geographies. “There is an active set of developers that has been acquiring new customers on a regular basis,” Shier said. “There are new command and control servers being added regularly.”

The malware used to have one monolithic binary that contained the entire payload, although the newest version now contains other modules, he said. “This may point to the ability to build particular custom modules for customers,” Shier noted. “It makes it easier to deliver the payload.”

The Vawtrak malware is likely not related to any of the malicious programmes that enabled attacks against SWIFT member banks. The malware used in the SWIFT cyber-attacks, he said, would require “more specialisation and knowledge of esoteric systems,” such as the mechanisms of SWIFT and banking protocol functionality.

An earlier report by Sophos, in 2014, found that Vawtrak was used to target financial institutions in the US, Canada, United Kingdom, Japan, and Israel, with the US being the largest target. The earlier report was published after DDoS attacks by Iranian hackers that knocked banking systems offline. Shier said there was no “smoking gun indicator” that the malware was related to the Iranian attacks. “The authorship of this still remains rather cloaked,” he noted.
