Security 10748 Published by

Security researchers have come across a new rootkit that is designed specifically to infect 64-bit Windows systems and steal users' online banking credentials.



From ThreatPost:
The new rootkit is being used by attackers in Brazil as part of drive-by download attacks and is then used to steal banking credentials after the infection. The malware has the ability to change some of the boot configurations of infected machines and then aims to redirect users to phishing sites. The new rootkit can infect machines running either 32-bit or 64-bit versions of Windows.

The drive-by download is accomplished by using a malicious Java applet that is targeted at older versions of the Java Runtime Environment. The applet includes a number of files that each have different jobs to do once they're on an infected PC, including one that disables the Windows User Account Control mechanism.
  New 64-Bit Rootkit Being Used to Steal Banking Credentials