Lurk

  • First known sample

    2011
  • Discovery

    2011
  • Number of targets

    10000-300000
  • Current status

    Inactive since 2016
  • Type

    Trojan
  • Targeted platforms

    Windows
  • Top targeted countries

    Russia
  • The way of propagation

    Exploits, Social engineering
  • Purpose/Functions

    Stealing money
  • Special features

    Lurk has existed and actively evolved for over five years, but it works selectively – only on those computers where it can steal money. In the more than five years that it has been active, about 60,000 bots have been registered in the C&C, which is not a huge number. Lurk is a versatile banker Trojan – it can steal money not only from the iBank 2 system that is used by many Russian banks but also from the unique online banking systems of some large Russian banks. Lurk actively resists detection: its developers work hard to minimize detections of their Trojan, while targeted attacks make it difficult to get new samples quickly. Based on the methods of internal organization used in the malware, its feature set and the frequency with which it is modified, it can be concluded that a team of professional developers and testers is working on the project.
  • Targets

    Financial institutions, Journalists, Media, Telecoms
  • Description

    A prominent banking Trojan designed to steal money from Russian bank customers. Distributed via drive-by downloads, as well as compromised websites and across corporate networks, this malware targeted IT organizations working in the telecommunications field, mass media and news aggregators, and banks and financial organizations.
