New Version of Dorkbot Malware Targets Banking Institutions


According to a recent research report published by a team of security investigators, Dorkbot is a six-year-old banking Trojan that has resurfaced in the wild and become a significant security threat to users’ computers. Its malicious activity was previously reported in 2012, and it now appears that Dorkbot has started attacking banking systems again. The updated version of this virus was ranked as the second most dangerous threat in the world during 2012.

Dorkbot has now returned with some unique features, ready to cause major damage to the banking sector. Technically speaking, it is a banking Trojan that criminal hackers use to target Skype accounts as well as accounts on other social networking sites such as Twitter and Facebook. The cyber criminals behind Dorkbot try to trick unsuspecting users into downloading an archive file that appears to come from their social media accounts.

When a user opens the ZIP attachment that contains the Dorkbot payload, the threat immediately locks the screen of the victim’s machine. This is not the malware’s only function, however: it has been updated with some unique features that make it an advanced Remote Access Trojan (RAT). Dorkbot is specifically programmed to steal the victim’s personal information, such as login credentials for online banking sites, passwords, account names and keystrokes typed on the computer’s keyboard.

The main objective of Dorkbot’s creators is to perform remote code execution attacks on affected machines in order to steal stored banking details manually. This means the attackers may also spy on your browsing history and extract passwords that you previously entered and saved in your browser for easy access. Dorkbot’s new injection capability has been identified as Early Bird, whose main purpose is to avoid detection by installed security software.

Right after successfully compromising a targeted computer, Dorkbot drops various files into the ‘%AppData%’ and ‘%Temp%’ directories. The files dropped by this Trojan are identified as a Trojan worm, which allows the malware to infect other computers on the network. Additionally, the threat can modify registry entries so that it starts automatically when you start your machine. To propagate onto flash drives, Dorkbot uses a folder named ‘RECYCLER’, which has been reported on all possible USB drives. Because of its backdoor capabilities, users as well as banking institutions are strongly advised to be on guard against this attack.
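
The persistence and USB traits described above can be turned into a simple triage check. The following is an added example, not code from the research report or from any security product: it assumes autostart entries have been exported as (name, command) pairs from a Run-style registry key (the article says only "registry entries"), and all function names, paths and sample data are constructed for illustration.

```python
import ntpath
import re

# Constructed sample data (not taken from the article or from a real host).
ENV = {"APPDATA": r"C:\Users\alice\AppData\Roaming",
       "TEMP": r"C:\Users\alice\AppData\Local\Temp"}
AUTORUNS = [  # (value name, command line) as exported from an autostart key
    ("OneDrive", r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background'),
    ("Updater", r"%AppData%\Xkqzrt.exe"),
    ("helper", r'"C:\Users\alice\AppData\Local\Temp\..\Temp\svc.exe" -s'),
]
USB_ROOTS = {"E:\\": ["photos", "RECYCLER", "report.docx"],  # root listings
             "F:\\": ["backup"]}

def expand(text, env):
    """Expand %VAR% references case-insensitively, as Windows does."""
    upper = {k.upper(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: upper.get(m.group(1).upper(), m.group(0)), text)

def image_path(command, env):
    """Return the normalized executable path from an autostart command line."""
    command = expand(command.strip(), env)
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        # Simplification: an unquoted path is assumed to contain no spaces.
        path = command.split(" ", 1)[0]
    return ntpath.normcase(ntpath.normpath(path))  # collapses "..", lowercases

def under(path, base):
    """True if the normalized path lies inside the base directory."""
    base = ntpath.normcase(ntpath.normpath(base))
    return path == base or path.startswith(base + "\\")

def suspicious_autoruns(autoruns, env):
    """Autostart entries whose executable lives in %AppData% or %Temp%."""
    watched = [env["APPDATA"], env["TEMP"]]
    resolved = [(name, image_path(cmd, env)) for name, cmd in autoruns]
    return [(n, p) for n, p in resolved if any(under(p, d) for d in watched)]

def drives_with_recycler(usb_roots):
    """Removable drives whose root contains a folder named RECYCLER."""
    return sorted(d for d, names in usb_roots.items()
                  if any(n.upper() == "RECYCLER" for n in names))
```

Legitimate software also starts from ‘%AppData%’, so a hit is a lead for further inspection rather than a verdict.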
