09:20 GMT17 January 2021
Listen Live
    Get short URL
    0 230

    Cybersecurity is among the issues being raised on the sidelines of the World Economic Forum, now in full swing in Davos. Russia's Kaspersky Lab appears to appreciate the significance of the agenda as it has warned of a yet new IT threat – this time to computer users' financial data.

    Specialists from Kaspersky Lab, the biggest cybersecurity company in Russia, have spotted a new Trojan called Mezzo, which was specially developed to hunt for "real," conventional money as well as cryptocurrencies, the company’s press release states.

    Mezzo can falsify data in exchange files between accounting and banking systems and is currently sending information obtained from an infected computer to the criminals’ servers. Analysts say that this may be a signal that the Trojan’s creators are getting ready for an upcoming campaign to steal the money.

    Not many computers have been infected by Mezzo so far, but all of them have proved to be in Russia. The virus spreads with the help of external loading programs. Once on a device, the Trojan virus creates a unique identification code for an infected computer which is further used to add a password protected folder on the hackers' server to store all the files stolen from the victim’s computer.

    READ MORE: Theresa May Addresses 2018 World Economic Forum

    Mezzo takes a primary interest in text files of popular accounting software, which were created less than two minutes earlier. When it spots these types of documents, the Trojan waits for a dialogue window to open to exchange data between a bank and an accounting system. If this happens it can replace the account details exactly as the exchange takes place. Voila! Your money is sent to them. If no dialogue window opens, Mezzo can even falsify the whole file.

    "Analysis of the Mezzo code has shown that the virus can be linked to another much talked about Trojan, which is hunting for cryptocurrencies, the so-called CryptoShuffler. Kaspersky Lab experts have discovered that the Mezzo code and that of AlinaBot, which loads CryptoShuffler, are identical to the very last line. The codes of both viruses have obviously been written by the same virus programmers, thus they may be also interested in users' crypto-wallets," the company noted.

    READ MORE: Necessary to Scrutinize Cryptocurrencies as They Can Be Used by Criminals — UK PM

    Sergei Yunakovsky, an antivirus expert with Kaspersky Lab, pointed out that with the help of a similar Trojan virus called TwoBee, which the company detected about a year ago, perpetrators managed to snatch over 200 million rubles from Russian companies.

    Mezzo is different from the point of view of employing a simpler algorithm to search for  and check the files it is interested in. It is highly probable that its functionality is not limited to solely accounting programs, as any virus is known to increasingly employ multiple different modules and functions.

    Founded in 1997, Kaspersky Lab is a multinational cybersecurity and anti-virus provider based in Moscow, Russia and operated by a holding company in the United Kingdom. It develops and sells cybersecurity software, boasting about 400 million clients around the world, and is the leading anti-virus solution in Europe.


    Cryptocurrency: 'Biggest Evolution of Financial System in History' – Investor
    Telegram May Enter Cryptocurrency Fray to Challenge Visa, MasterCard
    US Cybersecurity Agency Accuses North Korea of Cryptocurrency Cyber Heist
    Pyongyang-Linked Hackers Attacked Cryptocurrency Exchanges in S Korea - Report
    cryptocurrency, vulnerability, computer virus, banking, money, Kaspersky Lab, Moscow, Russia
    Community standardsDiscussion