Trojan uses a legitimate Java-library to modify banking software.
The company ESET identified a new modification of the Trojan Carberp, which uses legal software to steal funds. In addition, the virus is also able to bypass two-factor authentication using one-time passwords.
Experts note that the basic regions, which are now the most common Carberp, are Russia and Ukraine.
The main purpose of Carberp – change software system iBank 2 companies BIFIT used for remote banking. To modify the iBank 2 Carberp uses malicious java-module that allows the system to bypass two-factor authentication using one-time passwords.
Trojan also uses legitimate Java-library to modify the banking software. This behavior Carberp gives him an opportunity to better hide from antivirus programs.
Once the virus is introduced into the client-banking system, anyone can fully control all payments made by the user via the banking software.