As you already know if you’ve read our paper about The Business of Rogueware this is a very lucrative business. Everyday we see thousands of new variants, and a few families that appear trying to infect users and to get their money. Three of the new families we’ve seen this week, called SaveKeep, SaveSoldier and TrustNinja are at the end the same rogueware but rebranded, which is one of the common strategies they use. Guess how we can know that the three of them are in fact the same rogueware:
Another clue to find out that this is the same piece of malware is that they are using the same payment gateway: