Trojan
Info Stealing
Banking
Ares is a banking Trojan designed to steal financial information, including credit card details and banking login credentials. It also installs a stealer targeting browser-stored usernames, passwords, VPN clients, and cryptocurrency wallets. As a variant of the Kronos malware, Ares represents a new wave of sophisticated attacks on financial systems.
Ares is an evolved variant of Kronos, a banking Trojan first detected in 2014. Its name reflects that lineage: in Greek mythology, Ares is the son of Zeus and grandson of Kronos. This new version demonstrates how banking malware continues to adapt and bypass modern security measures.
Technical Enhancements
Ares incorporates advanced techniques, including custom packers like DarkCrypter and BMPack, to evade detection. It also uses a Domain Generation Algorithm (DGA), similar to Qakbot, to create dynamic domain names for its command and control (C2) servers. These enhancements make it harder to disrupt its operations and trace its activities.
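A defender-side heuristic for the DGA behaviour described above, as an added example that is not from the original page and does not reproduce Ares's actual algorithm: it flags clients that query many distinct high-entropy names answered with NXDOMAIN. The log format, thresholds, function names and sample lines are all constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS log (assumed format): "<timestamp> <client_ip> <qname> <rcode>"
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 www.bank.example NOERROR
2024-01-01T10:00:02Z 10.0.0.5 www.bnak.example NXDOMAIN
2024-01-01T10:00:03Z 10.0.0.23 qkzvbtrxwm.example NXDOMAIN
2024-01-01T10:00:04Z 10.0.0.23 hjdlpwcnyg.example NXDOMAIN
2024-01-01T10:00:05Z 10.0.0.23 xmrqtzkbvf.example NXDOMAIN
2024-01-01T10:00:06Z 10.0.0.23 wpzndkyhgc.example NXDOMAIN
2024-01-01T10:00:07Z 10.0.0.23 bvtylqmxrk.example NOERROR
2024-01-01T10:00:08Z 10.0.0.8 cdn.shop.example NOERROR
"""

def shannon_entropy(label):
    """Bits of entropy per character in the label."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def looks_generated(qname, min_len=10, min_entropy=3.0):
    """Heuristic: the label left of the TLD is long and high-entropy.
    Naive label choice; a real deployment would use a public suffix list."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 2:
        return False
    label = labels[-2]
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy

def flag_dga_clients(log_text, threshold=4):
    """Map each client to its suspicious NXDOMAIN names when it has
    at least `threshold` distinct ones (failed rendezvous attempts)."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _, client, qname, rcode = parts
        if rcode == "NXDOMAIN" and looks_generated(qname):
            hits[client].add(qname.lower())
    return {c: sorted(n) for c, n in hits.items() if len(n) >= threshold}

if __name__ == "__main__":
    for client, names in flag_dga_clients(SAMPLE_LOG).items():
        print(client, len(names), "suspicious NXDOMAIN names:", names)
```

Entropy alone misfires on CDN and tracking hostnames, so the per-client NXDOMAIN count is what carries the signal; tune both thresholds against baseline traffic before alerting.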
Active Development and Distribution
Ares remains under active development, with ongoing testing of new features, including plugins and web injects. Distributed through spam campaigns targeting German-speaking users, Ares focuses on European banking customers. Its ability to harvest credentials from browsers and other applications highlights its broad capabilities and the significant threat it poses.
Keep software and systems updated with the latest security patches.
Implement email filtering to block malicious attachments.
Use strong, unique passwords and enable multi-factor authentication.
Regularly back up essential data and store backups offline.