ONLINEG, a spyware family known for stealing online gaming credentials, appears to be adding backdoors to its resume. We found a variant (specifically TSPY_ONLINEG.OMU) that, aside from its usual data theft routine, also downloads a backdoor onto the infected system, exposing it to further damage.

TSPY_ONLINEG.OMU was recently found on certain South Korean websites, which had been compromised to host the malicious file. Based on our analysis, the spyware is possibly an updated version of an older variant detected as TSPY_ONLINEG.ASQ, which first appeared about a year ago.

Like any online gaming spyware, TSPY_ONLINEG.OMU steals user accounts and credentials for specific online games. In addition to this, if the user visits the login pages of the administrator consoles of websites belonging to certain industries, it downloads a keylogger/backdoor (BKDR_TENPEQ.SM). This allows the attacker to steal the credentials used for these portals.

The companies targeted by this attack are all based in South Korea and belong to the following industries:

• News
• TV
• Radio
• Finance
• Shopping
• Gaming
• Advertising
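The trigger described above (a visit to an administrator-console login page followed shortly by a second-stage download) lends itself to a simple hunt over web proxy logs. The following is an added example, not Trend Micro's code and not taken from the malware: the log format, the admin-path patterns, the content types and the time window are all assumptions, and the log lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed proxy log lines: "<ISO timestamp> <client ip> <method> <url> <content-type>"
SAMPLE_LOG = """\
2014-08-05T09:12:01 10.0.0.5 GET http://news.example.kr/index.html text/html
2014-08-05T09:12:40 10.0.0.5 GET http://news.example.kr/admin/login.php text/html
2014-08-05T09:12:52 10.0.0.5 GET http://203.0.113.9/u/svc.exe application/x-msdownload
2014-08-05T09:30:10 10.0.0.7 GET http://shop.example.kr/cart text/html
2014-08-05T09:31:00 10.0.0.7 GET http://203.0.113.9/u/svc.exe application/x-msdownload
2014-08-05T11:05:00 10.0.0.5 GET http://tv.example.kr/manager/ text/html
"""

# Assumed path patterns for administrator-console login pages (not from the original post).
ADMIN_LOGIN_RE = re.compile(r"/(admin|manager|wp-admin)(/|$)", re.IGNORECASE)
# Assumed content types that indicate an executable download.
EXECUTABLE_TYPES = {"application/x-msdownload", "application/octet-stream", "application/x-dosexec"}


def parse_line(line):
    ts, client, _method, url, ctype = line.split()
    return datetime.fromisoformat(ts), client, url, ctype


def url_path(url):
    # Strip scheme and host, keep the path part only.
    host_path = url.split("://", 1)[-1]
    return "/" + host_path.split("/", 1)[1] if "/" in host_path else "/"


def find_admin_login_followed_by_download(log_text, window_seconds=60):
    """Return (client, admin_url, download_url) triples where a client fetched
    an executable within `window_seconds` after visiting an admin login page."""
    window = timedelta(seconds=window_seconds)
    last_admin = {}  # client -> (timestamp, url) of the most recent admin page visit
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, url, ctype = parse_line(line)
        if ADMIN_LOGIN_RE.search(url_path(url)):
            last_admin[client] = (ts, url)
            continue
        if ctype in EXECUTABLE_TYPES and client in last_admin:
            admin_ts, admin_url = last_admin[client]
            if timedelta(0) <= ts - admin_ts <= window:
                hits.append((client, admin_url, url))
    return hits


if __name__ == "__main__":
    for hit in find_admin_login_followed_by_download(SAMPLE_LOG):
        print("suspicious sequence:", hit)
```

Only the client that fetched an executable right after an admin login page is reported; an executable download on its own, or an admin visit with no download, is not.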

Online gaming's popularity in South Korea is well known, so it is not surprising that the people behind this attack used TSPY_ONLINEG.OMU. However, the use of ONLINEG may also have been an attempt to disguise the actual intent of the malware. Because this particular malware family is "known" to focus on online gaming theft, people may underestimate its potential threat without looking into the actual code.

This incident is also another example of the online bad guys' continuous efforts to revamp and improve old but reliable threats. It is therefore important for users to stay updated with the latest developments in online security.

As of this writing, the affected South Korean sites are clean and no longer host the malware.

With additional insights from Threat Researcher Eruel Ramos

© Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice