“Terdot uses two attack vectors to exploit users—phishing and man-in-the-middle,” Asnani told HackRead via email. “Enterprises that have deployed breach prediction systems that comprehensively cover all attack vectors are able to defend against Terdot more effectively. But, it should be noted that most of today’s detection solutions are single attack vector focused. A multi-vector system is needed in this case—and would have proactively flagged users that are at risk of phishing, in addition to compromised or spoofed certificates.”

Further technical details on the Terdot trojan are available here [PDF].