
    Sep 2
    10:51 pm (UTC-7)   |    by

    Through investigation and collaboration between our researchers and engineers, we discovered a malicious online banking Trojan campaign targeting users in Japan, which has been ongoing since early June of this year. We’ve reported on such incidents in the past, including in our Q1 security roundup, and we believe this latest discovery shows that those previous attacks have been expanded and are part of this particular campaign.

    We discovered the online banking Trojan involved in this campaign to be a variant of the Citadel family. Citadel variants are well-known for stealing the online banking credentials of users, directly leading to theft.

    We’ve identified at least 9 IP addresses serving as its command-and-control (C&C) servers, most of them located in the US and Europe. Monitoring these servers, we also discovered that 96% of the connections to them come from Japan, further proof that most of the banking Trojan infections are coming from that one specific country.

    In addition to this, we also managed to find out the following about this campaign:

    • Only financial and banking organizations native to Japan are targeted in this attack
    • Popular webmail services (Gmail, Yahoo! Japan mail, Hotmail) were also targeted

    We are currently enhancing the monitoring of the C&C servers related to this campaign. During a six-day period, we detected no fewer than 20,000 unique IP addresses connecting to these servers, with only a very minimal decrease from beginning to end. This means that a large number of infected systems are still stealing online banking credentials and sending them to the cybercriminals responsible.

    The banks and financial institutions targeted in this campaign have already released warnings and advisories to their customers and loyalists regarding the attack itself. Users are reminded to read these warnings properly before logging into their online banking accounts.

    Trend Micro customers are protected from all related malware and malicious elements in this attack.






    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice