Experts suggest that the malware was spread by a group of hackers named “Poetry Group”.
Experts at McAfee stated that the Citadel Trojan, whose main task is stealing victims' financial information, is being used to attack a number of organizations in Europe and Japan. The experts point out that in these cases the malware does not affect users' banking data.
McAfee says that, as of today, the Citadel Trojan has infected some 1,000 computers in Europe. The experts found 300 variants of this malware on the network. Most of its victims are government and commercial organizations.
“Citadel variants target victims in a given country, and in some cases in a particular city,” the company's report says.
“We found a ‘Spanish campaign’ in which one of the Citadel variants is infecting computers in Madrid. The malware has spread to no more than 12 computers,” the experts say. The “Spanish campaign” used a Citadel variant that has no previously known counterparts. In addition, McAfee was unable to establish why these victims were chosen, but the reason is certainly not the theft of financial information.
“Citadel is endowed with new capabilities that go beyond infecting clients of financial institutions. The malware can steal any data from the victim's PC. Citadel 1.2.45 (Extreme Edition) can remotely connect to the victim's computer. In other words, the Trojan can establish (automatically, if necessary) a hidden connection to the victim's PC,” the company's report says.
McAfee experts analyzed the malicious campaign launched in October last year. As a result, it was found that Citadel steals credentials from internal applications, banking and industrial systems, as well as other information.
At the moment, the malware is most often seen in Poland, Japan, Denmark and Sweden.
Presumably, the group using Citadel for these new goals is a group of hackers called “Poetry Group”, since the malicious executable files of the new Citadel version contain poetic text, in particular poetry by Shakespeare.