[1]New Variant of Ursnif Targeting Japan by Kevin Townsend:

    A new variant of the Ursnif trojan has been discovered targeting
    Japan since the beginning of 2019. Japan is a common target for
    Ursnif, but the latest version, delivered by Bebloh, goes to
    increased lengths to ensure that the victim is indeed Japanese.
    New variants of Ursnif are not uncommon since the source code was
    leaked in 2015, but this version also includes enhanced data theft
    modules for stealing data from mail clients and email credentials
    stored in browsers. Other new developments, according to Cybereason
    [2]research, include a new stealthy persistence module, a
    cryptocurrency and disk encryption module, and an anti-PhishWall (a
    Japanese security product) module.
    …
    This version of Ursnif also adds some anti-security product
    capabilities aimed at defeating PhishWall and Rapport. PhishWall is
    a popular Japanese anti-phishing and anti-banking trojan
    application, and anti-PhishWall modules have been used by other
    trojans in the past (such as Shifu and Bebloh).
    The anti-Rapport module is designed to defeat IBM Trusteer's
    [3]Rapport product. This is not new, but not often seen in malware
    targeting Japan. The code seems to be based on - if not copy/pasted
    from - Carberp's anti-Rapport code (which is freely available on
    GitHub). Cybereason notes that it has tested neither the PhishWall
    nor the Rapport module, so cannot attest to their efficiency.
    Cybereason is unsurprised by the new concentration on data stealing
    highlighted by the new version of Ursnif. "With more and more
    banking customers shifting to mobile banking and the continuous
    hardening of financial systems," writes the researcher, "it is not
    surprising that trojans are beginning to focus more than ever before
    on harvesting non-financial data that can also be monetized and
    exploited by the threat actors."
    But what stands out from this campaign, he adds, "is the great
    effort made by threat actors to target Japanese users. They use
    multiple checks to verify that the targeted users are Japanese, as
    opposed to other more prolific trojans and information stealers that
    cast a wider net when it comes to their victims."
    __________________________________________________________________

  My original entry is here: [4]New Variant of Ursnif Targeting Japan. It
  posted Mon, 18 Mar 2019 23:00:58 +0000.
  Filed under: business, Japan,

References

  1. https://www.securityweek.com/new-variant-ursnif-targeting-japan?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+Securityweek+(SecurityWeek+RSS+Feed)
  2. https://www.cybereason.com/blog/new-ursnif-variant-targets-japan-packed-with-new-features
  3. https://www.securityweek.com/ibm-acquire-trusteer-effort-boost-anti-cybercrime-capabilities
  4. https://www.prjorgensen.com/?p=2668

You are viewing proxied material from sdf.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.