RegionsAsia Pacific‘Big Bong’ and Corebot among new banking Trojans

‘Big Bong’ and Corebot among new banking Trojans

Among the threats being monitored by Arbor Networks is one targeting South Korean banks and their websites.

Following the cybersecurity alerts issued earlier this week by Kaspersky Lab, US software company Arbor Networks has released has released two new threat intelligence reports detailing a trojan being used to target South Korean banks and a separate banking Trojan believed to be similar to Zeus, Neverquest and Dyreza.

“With financial institutions underpinning whole economies, they’re a particularly choice target vertical for impactful attack,” the company notes.

“Just recently we have seen an attacks on HSBC, Invest Bank and of course, JP Morgan. This has prompted the UK and US governments to carry out “war games” to test the financial services sector’s resistance to a cyberattack.”

Arbor’s security engineering and response team, aka ASERT, reports that South Korean banking websites require the use of a Novell Public Key Infrastructure (NPKI) authentication certificate, and it is this that the Trojan targets. Using this encrypted data the threat actor uses a fake banking site to secure further details, which can then be used to transfer money.

The team has dubbed the banker ‘Big Bong’ and its threat intelligence report, entitled ‘The Big Bong Theory: Conjectures on a Korean Banking Trojan’ offers an in-depth behavioural analysis of the malware from builder to bot and from installation to exfiltration including obfuscation techniques, certificate use, and virtual private network (VPN)-based communications.

South Korea is not the only country being targeted. The ASERT team has also studied the Corebot banking Trojan. Initially discovered and documented last year by researchers at Security Intelligence, it has since evolved rapidly and, in terms of capabilities such as browser-based web injections, become similar to dominant banking malware such as Zeus, Neverquest and Dyreza – although its impact has so far been much more limited.

However, despite its relative newness, Arbor’s ASERT team predicts “the threat posed by Corebot will increase over the next year or so, perhaps following the same track as those malware families that have gone before it” because it is of such a high calibre. You can find further details here:

ASERT began studying and monitoring Corebot shortly after it was initially documented. An in-depth analysis of Corebot’s inner workings are provided in a threat intelligence report entitled ‘Dumping Core: Analytical Findings on Trojan Corebot’ including coverage of its cryptography, network behaviour and banking targets.

Related Articles

China’s regulatory changes stimulate international interest

Asia Pacific China’s regulatory changes stimulate international interest

5m Michael McCaw
Singapore Fintech Festival day four – Investor Summit Deal Day

Asia Pacific Singapore Fintech Festival day four – Investor Summit Deal Day

8m Richard Hartung
Singapore Fintech Festival day three: trade finance, capital markets and financial inclusion

Asia Pacific Singapore Fintech Festival day three: trade finance, capital markets and financial inclusion

8m Richard Hartung
Singapore Fintech Festival day two: blockchain, India's digitalisation and the future of banking

Asia Pacific Singapore Fintech Festival day two: blockchain, India's digitalisation and the future of banking

8m Richard Hartung
Is Asia too risky for corporate investment?

Asia Pacific Is Asia too risky for corporate investment?

8m Richard Hartung
GTreasury & Visual Risk announce partnership to focus on integrated treasury and new markets

Asia Pacific GTreasury & Visual Risk announce partnership to focus on integrated treasury and new markets

10m Guest Writer
Singapore shipping groups to trial blockchain

Asia Pacific Singapore shipping groups to trial blockchain

11m GTNews
IMF warns China on growing debt load

Asia Pacific IMF warns China on growing debt load

11m Graham Buck