Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Rovnix Banking Trojan Now Targeting Japanese Users after Abandoning Europe

The devious and highly sophisticated banking malware Rovnix, which until now was spreading only in European countries, is now attacking Japanese users.

Both Rovnix as well as its creators, popular during 2014, have abandoned Europe's threat market. They're currently attacking customers of fourteen largest banks in Japan. Rovnix, a dangerous malware, with its features imitates different banking applications' Web logins to subsequently garner secret financial data.

One particular Rovnix using gang recently, following a prosperous time in The Netherlands, has customized the Trojan to make it conduct illegal withdrawals from victims' bank A/Cs inside Japan.

The Trojan, found in different versions since approximately 5-yrs, is now highly advanced for eluding detection, evading bank security as well as convincingly imitating online banking sites.

Evidently, IBM X-Force team's researchers by examining the different Rovnix samples perceive that the malware's operators have done a detailed study of Japanese banks so as to develop one user interface which very efficiently imitates those belonging to particular banking websites.

During assaults by the Trojan within Japan, a rather complicated group of features is used such as scrutinizing victims' computers for determining if they can be infected, disabling security tools deployed for malware detection, pulling down modules for acquiring long duration stay followed with changing assaults, and employing digital signatures and encryption during interaction among victim clients.

Furthermore, it was discovered that Rovnix's controllers apparently bought certain package of Web-injections that could suit itself with any banking website's template. Softpedia posted this, January 12, 2016.

Rovnix's authors use the web-injections to view the social engineering matter that a banking site carries. The viewing is as it would be from a contaminated user's Web-browser. Rovnix uses the injections to alter major portions of the actual web-page of a bank's portal. This then deceptively makes the victimized site visitor to give away the token alternatively second password required to carry out the resulting fake transaction.

Occasionally, the package of Web-injections even entices victims to download one sinister banking application for Android that lets the Rovnix operators capture SMS authorization programs at the time of hacking the account followed with conducting fake transactions.

ยป SPAMfighter News - 1/18/2016

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page