Malware steals banking credentials from visitors of Japanese porn websites, ESET research reveals
Security researchers from ESET®, a global pioneer in proactive protection for 25 years, have published on welivesecurity.com a detailed analysis of the Win32/Aibatook malware, which targets customers of Japanese banks and visitors to some of the country's most popular pornographic websites.
ESET security researchers have estimated that more than 90 websites are being targeted by the information-stealing criminals. Upon visiting compromised sites, users can be redirected to an exploit page that attempts to take advantage of Java vulnerability CVE-2013-2465, a vulnerability that was patched in June 2013. If a vulnerable Windows computer is identified, a 404 error page is displayed to mask that the PC is silently running a malicious Java applet.
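The masking trick described above (a "404 Not Found" page that nonetheless loads a Java applet) is something a defender can hunt for in proxy or web-filter captures, since a genuine error page has no reason to carry applet loaders. The following is an added example written for this page, not code from ESET or from the Aibatook analysis; the sample responses, URLs and file names are constructed, and the applet-loader patterns are a heuristic assumption, not the campaign's actual markup.

```python
"""Heuristic check for HTTP 404 responses that embed Java applet loaders.

Added example (not ESET's code). Input is a list of captured responses,
each a dict with 'url', 'status' (int) and 'body' (str), as a proxy log
or web filter might export them. The patterns below are an assumption
about what an applet-loading page looks like, not the campaign's markup.
"""
import re
from typing import Dict, List

# Markup that loads a Java applet in a browser. None of it belongs on a
# real "not found" page, so its presence in a 404 body is the signal.
APPLET_PATTERNS = [
    re.compile(r"<applet\b", re.IGNORECASE),
    re.compile(r"<object\b[^>]*application/x-java-applet", re.IGNORECASE),
    re.compile(r"<embed\b[^>]*application/x-java-applet", re.IGNORECASE),
    re.compile(r"\.jar\b", re.IGNORECASE),
]


def flag_masked_404(responses: List[Dict]) -> List[Dict]:
    """Return the responses that report HTTP 404 yet contain applet loaders.

    Each flagged entry carries the URL and the regex patterns that matched,
    so an analyst can see why the page was singled out.
    """
    flagged = []
    for r in responses:
        if r["status"] != 404:
            continue  # only error pages are of interest here
        hits = [p.pattern for p in APPLET_PATTERNS if p.search(r["body"])]
        if hits:
            flagged.append({"url": r["url"], "matched": hits})
    return flagged


# Constructed sample responses (not real captures): a plain 404, a 404
# that hides an applet, and a legitimate 200 page that uses Java.
SAMPLE_RESPONSES = [
    {"url": "http://example.invalid/missing.html", "status": 404,
     "body": "<html><body><h1>404 Not Found</h1></body></html>"},
    {"url": "http://example.invalid/exploit/", "status": 404,
     "body": ('<html><body><h1>404 Not Found</h1>'
              '<applet code="Loader.class" archive="payload.jar" '
              'width="1" height="1"></applet></body></html>')},
    {"url": "http://example.invalid/game/", "status": 200,
     "body": ('<html><body><object type="application/x-java-applet" '
              'data="game.jar"></object></body></html>')},
]

if __name__ == "__main__":
    for hit in flag_masked_404(SAMPLE_RESPONSES):
        print(f"suspicious 404 masking an applet: {hit['url']} "
              f"(matched: {', '.join(hit['matched'])})")
```

Run against the constructed samples, only the second response is flagged: the plain 404 has no applet markup and the Java game is served with status 200, so neither trips the rule. In practice the same check is cheap to run over an entire day of proxy captures, and a hit is a strong prompt to confirm the client's Java patch level.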
Unlike much of today’s malware, which makes use of multiple vulnerabilities to increase the likelihood of finding a potential victim, this malware campaign, discovered by ESET security researchers, relies on a single exploit.
Once the malware is installed, it waits for victims to log into online banks with Internet Explorer (the most widely-used browser in Japan). Cunningly, the malware injects fraudulent forms onto the page to harvest confidential login information. Stolen data is then sent to the criminals behind the Aibatook malware campaign via a Command and Control server.
ESET reminds all computer users of the importance of patching their computing devices.
“The key message here is for people to understand the importance of patching their computer operating system and applications regularly,” said Joan Calvet, security researcher for ESET. “Software providers continue to simplify the patching process, but it is vital we all install patches from our software providers in a timely way to secure against these types of threats. To put these guys out of business, we all need to be good net citizens.”
ESET researchers also found that those responsible for the Aibatook attack have created newer versions of the malware, capable of stealing credentials from users of web-hosting services and domain resellers.
A detailed analysis of this malware campaign is available at http://www.welivesecurity.com/2014/07/16/win32aibatook/
To read an opinion piece on this research, and the need for computer users to consider removing Java from their computers, visit http://www.welivesecurity.com/2014/07/16/hacked-japanese-porn-sites/ [Graham Cluley's piece]
About ESET
ESET®, the pioneer of proactive protection and the maker of the award-winning ESET NOD32® technology, is a global provider of security solutions for businesses and consumers. For over 26 years, the Company continues to lead the industry in proactive threat detection. By obtaining the 80th VB100 award in June 2013, ESET NOD32 technology holds the record number of Virus Bulletin "VB100” Awards, and has never missed a single “In-the-Wild” worm or virus since the inception of testing in 1998. In addition, ESET NOD32 technology holds the longest consecutive string of the VB100 awards of any AV vendor. ESET has also received a number of accolades from AV-Comparatives, AV-TEST and other testing organizations and reviews. ESET NOD32® Antivirus, ESET Smart Security®, ESET Cyber Security® (solution for Mac), ESET® Mobile Security and IT Security for Business are trusted by millions of global users and are among the most recommended security solutions in the world. The Company has global headquarters in Bratislava (Slovakia), with regional distribution centers in San Diego (U.S.), Buenos Aires (Argentina), and Singapore; with offices in Jena (Germany), Prague (Czech Republic) and Sao Paulo (Brazil). ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Singapore, Prague, Košice (Slovakia), Krakow (Poland), Montreal (Canada), Moscow (Russia) and an extensive partner network for more than 180 countries. More information is available from the ESET Press Center.