The Hacker News Logo
Subscribe to Newsletter

KRBanker Malware Targeting Korean Financial Institutions

A recently discovered piece of malware called KRBanker (Korea + Banker = KRBanker) , targeting mostly online end-users at Korean financial institutions.

According to nProtect, now an invasive banking Trojan, the new and improved KRBanker can block anti-virus software, security websites and even other malware in its quest to steal user information and share it with hackers.
Then the malware pings back to the command and control (C&C) server with infection status and then the malware proceeds to download encrypted files on the victim’s PC.

In the latest variant of the KRBanker malware, scans the PC for lists of DLLs that are related to Korean financial institutions, security software and patches any opcode instructions. 

Malware instructed to insert the malicious code that will search and collect any information related to password, account details, and transaction history. Once logged, the compiled information is then sent to a remote server. 

KRBanker will also collect digital certificates in the PC's NPKI directory. These unique digital certificates used both by individuals and corporate are normally used for all financial purposes such as banking, credit card, insurance, and more. 

The hacker will collect digital certificates, password, account details, and screenshot information to gain fraudulent access to the victim's account.

After discovering KRBanker, which is distributed worldwide but concentrated mainly in Korea, nProtect Online Security quickly update their antivirus solution to defend against this malware. 

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.