One of the main things that makes Neutrino so difficult to spot is that, once it infects a target system, it goes into an extended hibernation intended to throw antivirus software and other security scans off its scent. Only after that hibernation period ends does it wake up and contact its command-and-control (C&C) server, which is run by the malware's operator.
Among other things, Neutrino can:
• Take screenshots
• Search for running processes by name
• Search for files by name on the infected host and send them back to the C&C server
• Download and execute files sent from the C&C server, either to spread the infection or to damage the system
• Modify Windows registry keys
To steal credit card information, it scans the memory pages of running processes for Track 1 and Track 2 data, the fields normally encoded on the magnetic stripe of any card swiped through the system.
Once it has that data, sending it back to the C&C server at whatever interval the operator has configured is a simple matter.
According to researchers at Kaspersky Lab, the largest concentration of infections is currently in Russia and Kazakhstan, but that could change in the blink of an eye.
Antivirus vendors are working to update their signature databases to detect this latest threat, but that is an uphill battle: the operators need only ship a new variant that existing signatures miss, and the cycle continues. Keep in mind, too, that because Neutrino lies dormant before it first contacts its C&C server, a clean scan shortly after infection proves little. For now, be advised that there is yet another threat to worry about, and stay on your guard.