(Mostly) Polish threat landscape: not only VBKlip

Botconf 2015
2023-04-28 | 14:20 – 14:50

Łukasz Siewierski 🗣

Last year, I presented a talk about Polish malware authors. Since then, we have acquired even more knowledge and the Polish malware market has evolved slightly. Of course, there are still "hacker" forums, which use simple, leaked and cracked keyloggers and sell their services to anyone with enough money. However, this is probably the case in any other country as well.
On the other hand, major players are starting to emerge. VBKlip and Banatrix, which were used to replace the bank account number in the Windows clipboard, evolved into more sophisticated, webinject-based malware. This means that Polish authors are constantly learning from other malware families. This evolution mimics what has been happening in the banking trojan market over the last couple of years: starting with simple, one-off attacks and moving to a more structured way of stealing money.

