New banking Trojans targeting South Korea
February 2016 by Arbor Networks
Arbor Networks has today released two new threat intelligence reports detailing a Trojan being used to target South Korean banks and a separate banking Trojan believed to be similar to Zeus, Neverquest, and Dyreza.
South Korean banking websites require the use of an NPKI authentication certificate, and it is this that the Trojan targets. Using this encrypted data the threat actor uses a fake banking site to then secure further details, which can then be used to transfer money. Further details can be found here: The Big Bong Theory: Conjectures on a Korean Banking Trojan
However, it is not just South Korea that is being targeted, Arbor’s ASERT team has also studied Corebot banking Trojan. It was initially discovered and documented last year by researchers at Security Intelligence but since then, it has evolved rapidly and, in terms of capabilities such as browser-based web injections, it is now similar to dominant banking malware such as Zeus, Neverquest, and Dyreza. Despite it being relatively new, Arbor’s ASERT team predicts “the threat posed by Corebot will increase over the next year or so, perhaps following the same track as those malware families that have gone before it” because it is of such a high calibre. You can find further details here: Dumping Core: Analytical Findings on Trojan.Corebo