- Oct 23, 2012
- 12,527
Authorities in Japan have issued a national alert after detecting a surge in banking trojans targeting the country's citizens, among which a key role played the rising wave of BEBLOH infections.
BEBLOH is a banking trojan that first appeared in 2009, and according to a Symantec report from March, it was the sixth most popular banking trojan of 2015.
The malware works in a similar way to other banking trojans, meaning it will inject itself into browser processes, also FTP and email clients, and collect the user's credentials. This data is then later used to commit fraudulent banking transactions.
BEBLOH comes with tricks to avoid antivirus detection, such as hiding in the computer's memory and hollowing out system processes.
BEBLOH infections reached mammoth numbers in March 2016
According to a Trend Micro investigation, the trojan's authors switched their targeting from Europe to small Japanese banks towards the end of 2015.
BEBLOH is a banking trojan that first appeared in 2009, and according to a Symantec report from March, it was the sixth most popular banking trojan of 2015.
The malware works in a similar way to other banking trojans, meaning it will inject itself into browser processes, also FTP and email clients, and collect the user's credentials. This data is then later used to commit fraudulent banking transactions.
BEBLOH comes with tricks to avoid antivirus detection, such as hiding in the computer's memory and hollowing out system processes.
BEBLOH infections reached mammoth numbers in March 2016
According to a Trend Micro investigation, the trojan's authors switched their targeting from Europe to small Japanese banks towards the end of 2015.
First signs of trouble appeared in December 2015, when the company detected 324 infections in the country alone. The number quickly rose to 2,562 in March 2016.
Along with the quick rise in BEBLOH infections, authorities also detected increased activity from other banking trojans such as URSNIF and ZBOT.
Japan police issues public alert on banking trojans
This eventually led the Japanese National Police Agency to publish a public alert on the rise of banking trojans on March 3, 2016.
The agency revealed that crooks stole around ¥2.65 billion ($25.8 million), mostly by targeting rural banks and small credit unions. Crooks also targeted larger banks, but most of the time, they aimed at smaller banks because these institutions can't afford high-grade security systems like their larger counterparts.
Trend Micro says recent BEBLOH versions contain code that specifically targets 17 Japanese banks. Besides the banking trojan, crooks also infected victims with the PUSHDO spambot.
Detecting a BEBLOH campaign is not easy work because crooks use spam email messages to spread their malware, utilizing various subject lines that range from human resource issues to loans, and from online shopping to personal matters.