Hesperbot, the new powerful banking Trojan found by ESET

Sep 11, 2013, 11:30 am EST

Hesperbot is the name of a new banking Trojan detected by ESET, it is a very potent malware which includes some very advanced tricks.

Hesperbot is the name of the last banking trojan detected by security firm ESET, a malware that due its effectiveness could create serious problems to banks and financial institutions.

Just yesterday I wrote about the evolution of cyber threats targeting online banking services, Hesperbot (Win32/Spy.Hesperbot) is specifically designed to elude mobile multi-factor authentication processes based on mobile devices.

Security researchers revealed that the Hesperbot trojan hit prevalently users located in UK, Turkey, the Czech Republic and Portugal, the malicious code emulates the behaviors of most popular predecessors Zeus and Spy Eye.

“Analysis of the threat revealed that we were dealing with a banking trojan, with similar functionality and identical goals to the infamous Zeus and SpyEye, but significant implementation differences indicated that this is a new malware family, not a variant of a previously known trojan.”

The first instances of the malware were detected in the Czech Republic, the cyber criminals used phishing emails to spread the Hesperbot trojan, the messages impersonate the country’s postal service to deceive victims.


Singular the revelation of ESET on the variant discovered in the UK for which the malware authors have created a specific code, the security firm hasn’t provided further detail on it probably because the investigation is still ongoing. The following graph represents the detection statistics of Win32/Spy.Hesperbot according to ESET LiveGrid:

Detection Graph

Hesperbot has the same characteristics of well-known banking malware, it is able to grab victim’s video creating screenshots and video capture, is set up a remote proxy for the attackers and has a keystroke logging feature.

The malicious code is used by cybercriminals to steal banking credentials, exactly as seen for other malware the attack includes the impairment of the victim’s mobile.

Hesperbot is able to compromise Android, Symbian and Blackberry mobile OSs, one of the most interesting features implemented by the authors is the capability to create a VNC server on the victim’s system and is able to intercept network traffic using HTML injection techniques.

The Trojan also harvests email addresses from the victims and send them to C&C server, the email addresses could be used to expand infection or to arrange further malware based attacks.

Hesperbot is considered by ESET experts a very potent banking Trojan which features common functionalities and also includes some more advanced tricks … banks must follow its evolution with maximum attention.

(Source: CDM, Pierluigi Paganini, Editor and Chief )

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase