KRBanker Malware Targeting Korean Financial Institutions
Jun 02, 2013
A recently discovered piece of malware called KRBanker (Korea + Banker = KRBanker) , targeting mostly online end-users at Korean financial institutions. According to nProtect , now an invasive banking Trojan, the new and improved KRBanker can block anti-virus software, security websites and even other malware in its quest to steal user information and share it with hackers. Then the malware pings back to the command and control (C&C) server with infection status and then the malware proceeds to download encrypted files on the victim's PC. In the latest variant of the KRBanker malware, scans the PC for lists of DLLs that are related to Korean financial institutions, security software and patches any opcode instructions. Malware instructed to insert the malicious code that will search and collect any information related to password, account details, and transaction history. Once logged, the compiled information is then sent to a remote server. KRBanker