Virus: Win32:Banker [Trojan Horse]

Win32:Banker is a family of Trojans capable of monitoring user activity and stealing private information. It monitors the user's internet access, and if certain websites (banking, payment systems) are visited, it logs the user's activity. It then sends all the stolen details to the attacker.


Win32:Banker is a family of Trojans capable of stealing private information such as account numbers, passwords and banking credentials. Many variants can wait in the background and monitor the user's internet activity. A logging procedure starts when a certain website is accessed, or if the address of an accessed website contains certain words. Many variants may supplement legitimate banking or payment system websites to get user details.

After getting the user details, Win32:Banker will send all the information to the attacker. Data can be sent to the attacker’s e-mail, can be uploaded to the attacker’s FTP server or can be submitted to the attacker’s website.

Win32:Banker may be downloaded by a user or can be received via email, but usually it is downloaded by other Trojan-Downloaders. When Win32:Banker is launched, it may copy itself to various folders such as %WINDOWS% or %SYSTEM%. Many variants set themselves to run each time Windows starts by creating the corresponding registry entries.

Most known variants target the users of Brazilian banks. These variants may be distributed in executables with names containing the word "cartao" ("card" in English).
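
The traits described above (a copy placed in %WINDOWS% or %SYSTEM%, a startup registry entry, "cartao" in the file name) can be turned into a defender-side triage of autorun entries. This is an added example, not part of the original entry: the entries in SAMPLE are constructed, and the default install paths, the function names and the high/review labels are assumptions.

```python
import ntpath
import re

# Assumption: the page's %WINDOWS% / %SYSTEM% placeholders map to default install paths.
ENV = {"%windows%": r"C:\Windows", "%windir%": r"C:\Windows",
       "%systemroot%": r"C:\Windows", "%system%": r"C:\Windows\System32"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
KEYWORD = "cartao"  # file-name keyword named on the page
EXE_RE = re.compile(r"(.+?\.(?:exe|scr|com|pif|bat|cmd))(?:\s|$)", re.IGNORECASE)


def image_path(command):
    """Return the executable path from an autorun command line, without arguments."""
    cmd = command.strip()
    for var, value in ENV.items():
        cmd = re.sub(re.escape(var), lambda _m, v=value: v, cmd, flags=re.IGNORECASE)
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted: cut at the first executable extension so folders with spaces survive.
    match = EXE_RE.match(cmd)
    return match.group(1) if match else cmd.split(" ")[0]


def triage(entries):
    """Map entry name -> 'high' or 'review' for entries whose file name has the keyword.

    Location alone is not flagged: many legitimate startup programs live in
    the system folders, so it only raises the priority of a keyword hit.
    """
    findings = {}
    for name, command in entries:
        path = ntpath.normpath(image_path(command)).lower()
        folder, filename = ntpath.split(path)
        if KEYWORD in filename:
            findings[name] = "high" if folder in SYSTEM_DIRS else "review"
    return findings


# Constructed sample: (value name, command) pairs as listed from startup registry entries.
SAMPLE = [
    ("SecurityHealth", r"%windir%\system32\SecurityHealthSystray.exe"),
    ("Updater", r'"C:\Windows\System32\cartao_visa.exe" /s'),
    ("Promo", r"C:\Users\ana\AppData\Roaming\Meu Cartao\CARTAO2.scr -hide"),
    ("svc", r"%SYSTEM%\cartaovirtual.exe"),
]

if __name__ == "__main__":
    for name, level in triage(SAMPLE).items():
        print(f"{level:6} {name}")
```

A file-name match is only a lead for review; variants that do not use the "cartao" keyword are not caught by this check.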

If a user's computer is infected with Win32:Banker, it is recommended to change the login details of the user's bank account.


