Contactez-nous Suivez-nous sur Twitter En francais English Language

De la Théorie à la pratique

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



New banking Trojans targeting South Korea

February 2016 by Arbor Networks

Arbor Networks has today released two new threat intelligence reports detailing a Trojan being used to target South Korean banks and a separate banking Trojan believed to be similar to Zeus, Neverquest, and Dyreza.

South Korean banking websites require the use of an NPKI authentication certificate, and it is this that the Trojan targets. Using this encrypted data the threat actor uses a fake banking site to then secure further details, which can then be used to transfer money. Further details can be found here: The Big Bong Theory: Conjectures on a Korean Banking Trojan

However, it is not just South Korea that is being targeted, Arbor’s ASERT team has also studied Corebot banking Trojan. It was initially discovered and documented last year by researchers at Security Intelligence but since then, it has evolved rapidly and, in terms of capabilities such as browser-based web injections, it is now similar to dominant banking malware such as Zeus, Neverquest, and Dyreza. Despite it being relatively new, Arbor’s ASERT team predicts “the threat posed by Corebot will increase over the next year or so, perhaps following the same track as those malware families that have gone before it” because it is of such a high calibre. You can find further details here: Dumping Core: Analytical Findings on Trojan.Corebo

See previous articles


See next articles