Skip to main content

New Trojan “Neverquest” Attacks Banking and Financial Websites

By December 10, 2013March 7th, 2023Blog, Cybersecurity

1282930_untitledIf you do your personal or business banking online, Neverquest may be something to keep an eye out for.

While reports of Neverquest are widespread and fairly new, the threat has been confirmed by several security companies. This new Trojan can spread itself via email and even social media, but it only attacks financial websites when a user goes to check their bank account. When a user goes to log into their financial institution, the information is logged and sent to another server for hackers to use and view.

Currently, the most popular way for the virus to be spread is through email. Below is just one of the convincing emails you may receive. It’s especially convincing during the holidays when shipping is much more common than it is the rest of the year.

Subject: Your UPS Invoice is Ready

This is an automatically generated email.
Please do not reply to this email address.

Dear UPS Customer,
New invoice(s) are available for the consolidated
payment plan(s) / account(s) enrolled in the UPS Billing Center

Please open attached file to view and pay your invoice.

(c) 2013 United Parcel Service of America, Inc. UPS, the
UPS brandmark, and the color brown are trademarks of United
Parcel Service of America, Inc. All rights reserved.
For more information on UPS’s privacy practices, refer
to the UPS Privacy Policy.
Please do not reply directly to this e-mail. UPS will
not receive any reply message.

For questions or comments, visit Contact UPS.

Symantec made an announcement earlier this week, nothing that there is a new virus that has hit the market that only targets financial websites:

Once Neverquest infects a computer, the malware can modify content on banking websites opened in certain Internet browsers and can inject rogue forms into these sites. This allows attackers to steal login credentials from users. The threat can also let attackers take control of a compromised computer through a Virtual Network Computing (VNC) server. Neverquest can replicate itself by stealing login details and spamming out the Neverquest dropper, by accessing FTP servers to take credentials in order to distribute the malware with the Neutrino Exploit Kit and by obtaining social networking credentials to spread links to infected websites.

As always, heeding these warnings and taking common-sense precautions when entering your private information into a website is advised. Ensure your anti-virus is up-to-date and that your OS, browser, and any other software you use on a daily basis is fully updated. Run a scan before you visit any websites with sensitive data that you’d like to keep private.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.