
What is Citadel Malware?


Any enterprise or professional with an online presence has to deal with malware sooner or later. Citadel, a banking Trojan built on the leaked Zeus source code, is one of the more capable examples: it is sold as a kit, steals online-banking credentials through man-in-the-browser attacks, and has been configured to harvest the master passwords of popular password managers.


Citadel Malware: Everything you Need to Know about it

Citadel is a crimeware kit for building and running botnets, sold on underground forums. It appeared in late 2011, after the Zeus source code leaked, and was aimed primarily at the customers of online banks.

Citadel is one of the most dangerous Zeus derivatives. Built on Zeus's source code, it recruits infected Windows systems into botnets that the operator controls through a web-based command-and-control panel.

Citadel's primary targets are online banking sessions, but a variant reported in 2014 was also configured to capture the master passwords of the Password Safe and KeePass password managers. Figures cited by US prosecutors in 2017 put the damage at around 11 million infected systems and roughly $500 million in losses.


How does Citadel malware work?

Citadel's modus operandi begins with installing the malware on the targeted computer, usually through a drive-by download. The Blackhole exploit kit, sold as a service on underground forums, was widely used for this stage.

When a victim visits a compromised or malicious website, Blackhole exploits a vulnerability in the browser or one of its plugins and drops the Citadel installer. Once installed, Citadel hooks the browser and starts collecting credentials, including the passwords for the systems and web services the user logs into.


Capabilities of the Citadel

Once active, Citadel uses the man-in-the-browser (MitB) technique to steal a great deal of information:

  • Web injects let the attacker add fields such as a PIN to the banking page the victim sees in the infected browser.
  • Because the page is modified inside the browser after TLS decryption, the altered page looks genuine: the URL, the certificate and the padlock are all correct, so victims believe they are handing their PIN to the legitimate website.
  • Citadel also includes a keylogger and a form grabber, so credentials typed into any site can be captured even without an inject.
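To make the web-inject mechanism concrete, here is an added example (not code from the original article or from Citadel itself) that emulates what the MitB hook does to a banking page and shows the check a defender can run against the result. The config uses the public Zeus/Citadel webinjects format (set_url, data_before, data_inject, data_after blocks with `*` wildcards); the URL, the page and the field names are constructed for the example, and the replace-between semantics when data_after is non-empty is a simplification.

```python
import fnmatch
import re
from html.parser import HTMLParser

# Constructed webinjects config (Zeus-style format; bank URL and fields are made up).
# data_after is left empty, so the inject is inserted right after data_before.
WEBINJECT_CONFIG = """
set_url https://bank.example/login* GP
data_before
<input type="password" name="password"*>
data_end
data_inject
<br>ATM PIN: <input type="text" name="pin">
data_end
data_after
data_end
"""

# Constructed login page exactly as the legitimate server sends it.
ORIGINAL_PAGE = """<html><body>
<form action="/login" method="post">
User: <input type="text" name="username">
Pass: <input type="password" name="password" autocomplete="off">
<input type="submit" value="Log in">
</form>
</body></html>"""

# The fields the bank's own page contains; anything else was added in the browser.
EXPECTED_FIELDS = ["username", "password"]


def parse_webinjects(text):
    """Parse a Zeus-style webinjects config into a list of rule dicts."""
    rules, current, block, buf = [], None, None, []
    for line in text.splitlines():
        if line.startswith("set_url "):
            parts = line.split()
            current = {"url": parts[1], "flags": parts[2] if len(parts) > 2 else "",
                       "data_before": "", "data_inject": "", "data_after": ""}
            rules.append(current)
        elif line in ("data_before", "data_inject", "data_after"):
            block, buf = line, []
        elif line == "data_end" and current is not None and block is not None:
            current[block] = "\n".join(buf)
            block = None
        elif block is not None:
            buf.append(line)
    return rules


def _wild_to_regex(pattern):
    # In data_before/data_after a '*' matches any run of characters.
    return ".*?".join(re.escape(part) for part in pattern.split("*"))


def apply_webinjects(url, html, rules):
    """Emulate the MitB rewrite: modify the page the browser is about to render."""
    for rule in rules:
        if not fnmatch.fnmatchcase(url, rule["url"]):
            continue
        before = re.search(_wild_to_regex(rule["data_before"]), html, re.DOTALL)
        if not before:
            continue
        start = before.end()
        end = start
        if rule["data_after"]:
            # Simplified semantics: replace everything between data_before and data_after.
            after = re.search(_wild_to_regex(rule["data_after"]), html[start:], re.DOTALL)
            if not after:
                continue
            end = start + after.start()
        html = html[:start] + rule["data_inject"] + html[end:]
    return html


class _FieldCollector(HTMLParser):
    """Collect the name of every named <input> on a page, in document order."""
    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        name = dict(attrs).get("name")
        if tag == "input" and name:
            self.fields.append(name)


def form_fields(html):
    parser = _FieldCollector()
    parser.feed(html)
    return parser.fields


def unexpected_fields(html, expected):
    """Fields the rendered page asks for that the server never sent."""
    return sorted(set(form_fields(html)) - set(expected))


if __name__ == "__main__":
    rules = parse_webinjects(WEBINJECT_CONFIG)
    rendered = apply_webinjects("https://bank.example/login?lang=en", ORIGINAL_PAGE, rules)
    print(rendered)
    print("injected fields:", unexpected_fields(rendered, EXPECTED_FIELDS))
```

The point of the second half is the caveat: the rewrite happens inside the browser after TLS has been stripped, so nothing on the bank's server ever sees the extra PIN field. A comparison like `unexpected_fields` therefore only helps if it runs where the rendered page exists, in client-side integrity script or in a user's own inspection of the form, and malware with hooks in the browser can tamper with that script too.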

Example Citadel Trojan

In early 2014, reports linked the Target breach to a Citadel infection delivered by a phishing email.

In February 2013, NBC's official website was compromised and used to redirect its visitors to an exploit kit that dropped the Citadel banking Trojan.

In September 2014, Citadel was found targeting several petrochemical companies operating in the Middle East.


Citadel Malware Removal

From the examples above it is clear that Citadel is a real threat, and one must learn to stay safe from it. The most viable strategy is to stay away from websites that aren't safe and trusted, since the infection is usually delivered by a drive-by download from a compromised or malicious site, or by a phishing email. Citadel targets banking websites rather than being served by them, so be extra careful on those pages: treat any unusual request, such as a PIN or other details the bank does not normally ask for, as suspicious, and remember that a correct URL and a valid certificate do not rule out a man-in-the-browser injection.

As a website owner, it's your responsibility to build secure websites: serve everything over TLS with a valid certificate, keep the platform patched so it cannot be turned into a drive-by distribution point, and adhere to key API security practices.

Secondly, one must learn how to track botnets, for example by monitoring outbound connections for traffic to known command-and-control servers, to prevent botnet attacks.

Having active anti-virus software on every PC is non-negotiable. Keep the subscription active, keep the browser and its plugins patched, and run a system scan at regular intervals. For tailor-made security solutions, Wallarm is a great help: it can secure all kinds of web services and APIs, keeping the possibility of Citadel attacks as low as possible.
