Malware News BEBLOH Banking Trojan Outbreak Leads to National Security Alert in Japan

Exterminator

Level 85
Thread author
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
Authorities in Japan have issued a national alert after detecting a surge in banking trojans targeting the country's citizens, among which a key role played the rising wave of BEBLOH infections.

BEBLOH is a banking trojan that first appeared in 2009, and according to a Symantec report from March, it was the sixth most popular banking trojan of 2015.

The malware works in a similar way to other banking trojans, meaning it will inject itself into browser processes, also FTP and email clients, and collect the user's credentials. This data is then later used to commit fraudulent banking transactions.

BEBLOH comes with tricks to avoid antivirus detection, such as hiding in the computer's memory and hollowing out system processes.

BEBLOH infections reached mammoth numbers in March 2016
According to a Trend Micro investigation, the trojan's authors switched their targeting from Europe to small Japanese banks towards the end of 2015.

First signs of trouble appeared in December 2015, when the company detected 324 infections in the country alone. The number quickly rose to 2,562 in March 2016.

Along with the quick rise in BEBLOH infections, authorities also detected increased activity from other banking trojans such as URSNIF and ZBOT.

Japan police issues public alert on banking trojans
This eventually led the Japanese National Police Agency to publish a public alert on the rise of banking trojans on March 3, 2016.

The agency revealed that crooks stole around ¥2.65 billion ($25.8 million), mostly by targeting rural banks and small credit unions. Crooks also targeted larger banks, but most of the time, they aimed at smaller banks because these institutions can't afford high-grade security systems like their larger counterparts.

Trend Micro says recent BEBLOH versions contain code that specifically targets 17 Japanese banks. Besides the banking trojan, crooks also infected victims with the PUSHDO spambot.

Detecting a BEBLOH campaign is not easy work because crooks use spam email messages to spread their malware, utilizing various subject lines that range from human resource issues to loans, and from online shopping to personal matters.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top