An old banking Trojan has been operating in Europe on a low level has
spiked in activity after migrating to Japan. Cybercriminals are using
local brand names such as local ISP providers and legitimate looking
addresses to fool users into downloading malware that can steal
information by monitoring browsers, file transfer protocol (FTP)
clients, and mail clients. Its targets? Mostly rural banks.
BEBLOH is a banking Trojan that has been around since as early as 2009.
It has outlived several competitors including Zeus, and SpyEye. It is
designed to steal money from unsuspecting victims right off their bank
accounts without them even noticing. BEBLOH always came up with new
defensive measures to avoid AV products, and this time is no different.
BEBLOH is also known for hiding in memory and creating a temporary new
executable file upon shutdown, and deleting said file after re-infecting
- Kamis, 14 Jul 2016
- Penulis: Janus Agcaoili, TrendLabs Security Intelligence Blog (Trend Micro)