BEBLOH Expands to Japan in Latest Spam Attack
Posted: Thursday, 14 Jul 2016, Author: Janus Agcaoili, TrendLabs Security Intelligence Blog (Trend Micro)

An old banking Trojan that has been operating in Europe at a low level
has spiked in activity after migrating to Japan. Cybercriminals are using
local brand names, such as local ISPs, and legitimate-looking
addresses to fool users into downloading malware that can steal
information by monitoring browsers, file transfer protocol (FTP)
clients, and mail clients. Its targets? Mostly rural banks.

BEBLOH is a banking Trojan that has been around since as early as 2009.
It has outlived several competitors, including Zeus and SpyEye. It is
designed to steal money directly from unsuspecting victims' bank
accounts without them even noticing. BEBLOH has always come up with new
defensive measures to avoid AV products, and this time is no different.
BEBLOH is also known for hiding in memory, creating a temporary new
executable file upon shutdown, and deleting that file after re-infecting
the system.

