Konnichiwa, Rovnix! Aggressive Malware Hits Japanese Banks
IBM X-Force researchers have discovered that the cybercrime gang operating the
Rovnix Trojan has launched an aggressive new infection campaign in Japan. Rovnix
is the latest advanced malware to set its sights on Japan. Before it came the
Shifu Trojan, which initiated attacks in Japan in August 2015. The gang that
operates Rovnix is known to focus on European banks, but its current campaigns
in Japan are nothing short of an onslaught, with 14 major brands on the target
list.
About Rovnix
The infection campaigns, the first of which appeared in early December 2015, leverage
malware-laden email messages, delivering Rovnix’s downloader concealed inside
benign-looking .zip attachments. The spam itself comes from email addresses on
.ru domains. It uses one of the most common ploys: a package delivery from
international transport companies, urging recipients to open a waybill (Figure
1, below). That unwitting action covertly launches Rovnix’s downloader from the
archive .zip attachment.