
Brolux PC-Trojan Targets Japanese Online Banking Users

According to security company ESET, a new banking Trojan named "Brolux" is wreaking havoc in Japan, where it attacks Internet banking users.

The threat, detected as Win32/Brolux.A, is distributed through two vulnerabilities: a Flash Player flaw (CVE-2015-5119) that leaked following the Hacking Team security breach, and an Internet Explorer flaw (CVE-2014-6332) known as 'Unicorn.'

Adobe patched the Flash Player vulnerability in July, and Microsoft patched Unicorn in November 2014; even so, malware distributors evidently still find older flaws such as these useful for planting their wares.

According to ESET, the exploits were hosted on a porn site, and there is little indication that any attack toolkit was used to distribute the Trojan. Successful exploitation results in an authorized binary being dropped onto the victim's computer.

Once the computer is infected, the main Brolux payload downloads two configuration files: the first contains 88 URLs, and the second contains several browser window titles associated with online banking in Japan.

As end-users browse from site to site on the way to their banking site, Brolux watches every site they visit.

Brolux works in the Chrome, Firefox and Internet Explorer web browsers.

When the victim runs IE, Brolux checks whether the site open in the browser is one of the banking sites listed in the first downloaded configuration file. When the victim runs Chrome or Firefox, Brolux instead tries to match the window's title against the entries in the second downloaded configuration file.

Once any of the listed online-banking websites is opened in the victim's browser, Brolux displays a phishing site crafted to capture login credentials and other details, in particular payment card details, PINs, e-mail IDs, and security questions and answers.

The clues collected so far suggest that Chinese cyber-criminals are behind the malware campaign: the text on the phishing site is in Chinese, Brolux is signed with a digital certificate issued to an organization in China, and one detected sample uses a Chinese mutex name. ESET published this on October 15, 2015, on securityaffairs.co.

» SPAMfighter News - 10/26/2015
