Banking Exchange Magazine Logo

“Neverquest” trojan targets online banking

FS-ISAC details malware attack

  • |
  • Written by  Website Staff
  • |
  • Comments:   DISQUS_COMMENTS
“Neverquest” trojan targets online banking

Over recent months, the FS-ISAC Security Operations Center has been tracking malicious activity associated with the Neverquest banking trojan.

Neverquest is a variant of the Vawtrak banking trojan that primarily targets online banking customers in the U.S. and Asia-Pacific countries. Neverquest primarily steals login credentials for specific websites.

Like other credential-stealing malware, Neverquest uses a “trigger list” of URLs and keywords to identify when an infected user logs into a secure banking site or other targeted secure site. Recent configurations show a shift to target social networking sites, gaming sites, and online retailers.

Other optional functionality reportedly includes a virtual network computing module to provide remote control of an infected computer, and a webinject module to collect additional information from victims.

Recent related campaigns use the Chanitor malware downloader for initial infection and to download the Neverquest malware to the victim’s computer. Chanitor primarily leverages malicious macros in Microsoft Word documents, which are typically delivered via phishing emails, although they could also be hosted on malicious or compromised websites.

Preventative measures

The FS-ISAC Securities Operations Center encourages financial institutions to ensure that macros are disabled by default in Microsoft Office. Additionally, employees should be reminded to never enable macros in a Microsoft Office document without verifying its legitimacy.

Read “Are You A Friendly Neighborhood Target?,” based on a FS-ISAC presentation

Read 2013 Kaspersky Lab blog on Neverquest basics: “Neverquest Trojan: Built to Steal from Hundreds of Banks”

Read more about the FS-ISAC’s recent work and alerts at its latest monthly bulletin

back to top


About Us

Connect With Us


Webinar: From KYC to IDV

How three leading banks are utilizing cutting-edge
digital tools to onboard, win, and wow customers

Time/Date: June 23, 2021 11:00 a.m. ET

Digital adoption, already moving at warp speed, accelerated seven years into the future during the COVID-19 pandemic. As the number of bank branches continues to fall, with at least one study predicting all branches will disappear by 2034 (Fox Business) and foot traffic declining (Vox), today’s most innovative banks are charting a new, digital-first path to win over customers while increasing security, meeting KYC compliance requirements, and winning customers to drive revenue.

In this webinar, you’ll hear from John Baird, Founder & CEO of Vouched, Tyler Crawford, COO of Bankers Healthcare Group, Anand Sathiyamurthy, CPO of Flagstar Bank and Daniel Sheehan, Chairman & CEO of Professional Bank as they describe their vision for digital transformation and how customer expectations are changing to digital first. They’ll also explore how fostering an innovation mindset creates new ways to tackle complex KYC problems and allows them to quickly compete in new markets and win customers.


This webinar is brought to you by:
Vouched Logo