Banking Trojans with account commandeering capabilities are dangerous enough on their own, but two major changes made to one Trojan's code makeup have increased its persistence and risk to potential victims.

Recent findings from researcher/author King Salemno of the Charleston, S.C.-based cybersecurity firm PhishLabs focused on Vawtrak/Neverquest2, which now uses a domain generation algorithm to identify its command-and-control server.

"It is a sophisticated, modern banking Trojan with advanced account hijacking capabilities," Salemno said.

Complete your profile to continue reading and get FREE access to, part of your ALM digital membership.

  • Critical information including comprehensive product and service provider listings via the Marketplace Directory, CU Careers, resources from industry leaders, webcasts, and breaking news, analysis and more with our informative Newsletters.
  • Exclusive discounts on ALM and CU Times events.
  • Access to other award-winning ALM websites including and

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).