Updated BlackMoon Banking Trojan: Attackers Again Targeting South Korean Banking Accounts


A massive campaign has been identified in South Korea, associated with the Trojan known as the “BlackMoon Banking Trojan”. According to Fortinet security researchers, the company first detected the same threat in early April 2014. Even after the matter was disclosed publicly, the crooks did not suspend their operations. The only purpose found behind this massive BlackMoon campaign is to attack banks located in South Korea. The campaign's command and control server is used to take over South Korean banking credentials. This year, the BlackMoon attackers have compromised more than 100,000 South Korean banking account credentials.

The BlackMoon Banking Trojan's authors use a configuration file that explicitly targets more than 60 South Korean financial institutions, which means the attackers are targeting only banking institutions located in South Korea. Victims of the BlackMoon Banking Trojan are usually redirected to a phishing page that looks just like the genuine page, and from this page the users' login credentials are stolen by the attackers. This method is obviously used for illegal purposes: the attackers use it to obtain login details and other banking information.

According to Fortinet researchers, the BlackMoon Banking Trojan is being spread by a Chinese cyber gang to steal banking credentials and other valuable information for their own benefit. The Fortinet researchers were able to examine an exposed command and control (C&C) server that BlackMoon communicates with and receives its instructions from. They found thousands of victim IP addresses and more than 2,650 samples of BlackMoon, and also revealed that 314 C&C servers are being hosted by 26 different hosting companies. These hosting companies were found to be in use in the U.S., Hong Kong and China.

In the current situation, the BlackMoon Banking Trojan is steadily increasing its number of victims, especially in South Korea, through its phishing sites, in order to steal large amounts of information and banking details. However, it is hard to state the exact number of victims, as their IP addresses and MAC addresses are still unidentified.

This article is written only to inform you about the dreadful BlackMoon Banking Trojan, which has become a major threat among South Korean Internet users.
