The Terdot banking Trojan is based on the Zeus code that was leaked back in 2011. Bitdefender researchers observed crooks spreading it through spam emails with a bogus PDF icon button. The Trojan is distributed mainly through compromised websites hosting the SunDown Exploit Kit. The authors have added a number of improvements, such as leveraging open-source tools for spoofing SSL certificates and using a proxy to filter web traffic in search of sensitive information. The ability of the Trojan in powering man-in-the-middle attacks could be exploited also to manipulate traffic on most social media and email platforms.”]
Source: https://securityaffairs.co/wordpress/65628/malware/terdot-banking-trojan.html