In the last three months we have seen some activity regarding a bot C&C Server named Apophis. Here you can see a few screenshots:

– Login:

– Statistics:                                                                             – Configuration:

– Settings:                                                                               – Templates:

– And a few more:

Today we have gained access to a new Apophis C&C Server. Looking at the files stored in the Server, we have found an encrypted file that seemed to have valuable information. We have decrypted it, it is an excel file that has information about 1,435 people. It includes:

– Full name

– Address (Street, City, State, Zip, Country)

– Phone

– E-mail

– CC number

– cvv

– CC exp. date

– Bank info

This is the number of affected users per country:

Users Country
994
USA
64
Italy
53
Netherlands
48
Israel
47
Belgium
43
Sweden
38
Norway
32
United Kingdom
21
Canada
15
Spain
14
Grecia
14
Switzerland
13
France
12
Germany
7
Austria
5
China
3
Bulgaria
3
Croacia
3
Polland
1
Estonia
1
Iceland
1
Latvia
1
Lithuania
1
Russia
1
Ukraine

It has all the information in all fields but the phone and e-mail addresses, these ones are stored for 994 users. All of them are from 3 countries: USA, UK and Canada. Scary. We are contacting the different banks in order to avoid major problems for the users.