Trojans use Pinterest as Command and Control channel for targeting South Korean Banks

Trojans targeting banks in South Korea are using Pinterest as a command-and-control channel


Security researchers at Trend Micro Labs had found that some banking Trojans were specifically targeting South Korean banks. It has now been discovered that these banking Trojans use Pinterest to communicate with command-and-control and also to direct victims to spoofed sites containing a malware payload.

Some of the banks that have fallen victim to these attacks are Hana Bank, Nonghyup Bank, the Industrial Bank of Korea (IBK), Shinhan Bank, Woori Bank, Kookmin Bank, and also the Consumer Finance Service Center. Once a client has been infected with malware and is redirected to a phishing website that looks like a legitimate banking website, the criminals are able to steal their banking credentials. However, this is the first time that a Trojan has been found to use Pinterest to spread itself.



The Trojan identified in this attack is dubbed TSPY_BANKER.YYSI. It is part of the BANKER malware family and appears to have been developed to attack South Korean banks. It is being spread in South Korea through compromised websites serving the malware, which then direct their visitors to download the exploit kit. Once it infects a system, the Trojan monitors victims' online activities and redirects them to a phishing website when they attempt to access the websites of certain financial institutions.

The TSPY_BANKER.YYSI Trojan also targets visitors to a popular South Korean search engine. When victims visit this search site, they are presented with a pop-up window containing links to the websites of banks monitored by the malware.


As said above, the banking Trojan uses Pinterest in its command-and-control (C&C) routines. Instead of contacting a C&C server, the Trojan accesses comments posted on Pinterest. The comments shown in the image above are encoded IP addresses, such as “104A149B245C120D.” This encoded IP address is decoded by replacing the letters with a dot, and the resulting IP address hosts the phishing page server. Trend Micro states that the Trojan authors are using this method to avoid detection and conceal the Trojan.
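For analysts triaging captured page content or proxy logs, the decoding step described above can be turned into an indicator extractor. This is an added example, not code from Trend Micro or from the malware; it generalises from the single sample string in the article and assumes that each separator is exactly one letter and that the trailing letter is a terminator to be dropped. The function names and sample comments are hypothetical.

```python
import ipaddress
import re

# Assumed format, generalised from the one sample on the page
# ("104A149B245C120D"): four decimal groups, each followed by one letter,
# with the final letter acting as a terminator.
ENCODED_IP = re.compile(
    r"(?<![0-9A-Za-z])"
    r"(\d{1,3})[A-Za-z](\d{1,3})[A-Za-z](\d{1,3})[A-Za-z](\d{1,3})[A-Za-z]"
    r"(?![0-9A-Za-z])"
)


def decode_token(token):
    """Return the dotted IPv4 address hidden in one token, or None."""
    match = ENCODED_IP.fullmatch(token)
    if match is None:
        return None
    candidate = ".".join(match.groups())
    try:
        # Rejects octets above 255, so shape-only look-alikes are dropped.
        return str(ipaddress.IPv4Address(candidate))
    except ValueError:
        return None


def extract_encoded_ips(comments):
    """Scan comment strings and return (token, decoded_ip) pairs for triage."""
    hits = []
    for text in comments:
        for match in ENCODED_IP.finditer(text):
            ip = decode_token(match.group(0))
            if ip is not None:
                hits.append((match.group(0), ip))
    return hits


# Constructed sample comments; only the first token is quoted from the article.
SAMPLE_COMMENTS = [
    "Love this board! 104A149B245C120D",
    "Item 999A1B2C3D is sold out",   # matches the shape, octet out of range
    "Size 12A34B56 fits well",       # too few groups, not a candidate
]

if __name__ == "__main__":
    for token, ip in extract_encoded_ips(SAMPLE_COMMENTS):
        print(f"{token} -> {ip}")
```

Decoded addresses can then be matched against outbound connection logs to find hosts that contacted the phishing server.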

Trend Micro also saw that this particular Trojan leveraged exploits for two patched Internet Explorer vulnerabilities, CVE-2013-2551 and CVE-2014-0322, to deliver the malware. The exploit code is heavily obfuscated, but Trend Micro researchers have concluded it to be similar to Sweet Orange, an exploit kit that has been used in several cybercrime campaigns.
