nProtect, a global internet and mobile security provider, recently discovered a new type of Trojan malware dubbed as KRBanker that is targeting specifically the end-users of Korean financial institutes. members of NProtect's ISARC ( Internet security analysis reporting center) that collects and analyzes malware from around the world quickly updated nProtect Online Security - a layered security solution that protects users from malware, phishing, pharming, DNS changing, screen shot, and keystroke logging- to detect and remove the malware.
Online fraudsters have evolved into professional organized groups that are well-funded by criminals gangs. They have, with the funds they receive from various criminal organizations, more time and resources to research about their target - South Korea’s financial institutes in this case - and often wait months to years to develop, deploy, and infect PCs to steal information. In 2012, over 600 financial institutes have been the target by online fraudsters using Trojan malware.
During the initial stage of the attack by KRBanker, the malware infects the PC by attaching itself to Delphi, stops any antivirus software, and reports the infection status to the command and control (C&C) server. Then the malware proceeds to download encrypted files on the victim's PC.
In the second stage, KRBanker scans the PC for lists of DLLs that are related to Korean financial institutes and security software and patches any opcode instructions. The inserted code will search and collect any information related to password, account details, and transaction history. The compiled information is then sent to a remote server.
KRBanker will also collect digital certificates in the PC's NPKI directory. These unique digital certificates used both by individuals and corporate are normally used for all financial purposes such as banking, credit card, insurance, and more. The hacker will collect digital certificates, password, account details, and screenshot information to gain fraudulent access to the victim's account.
After discovering KRBanker, which is distributed worldwide but concentrated mainly in Korea, nProtect released updates for nProtect Online Security to prevent any financial damages on the end-user's side (Free trial of nProtect Online Security can be downloaded at www.nProtect.com).
Hackers are constantly modifying and updating their methods to steal online banking information for financial gains. They are evolving as fast, or faster, than security solutions offered by financial institutes. This makes it crucial for both the online banking customers and the financial institutes to perform periodic risk assessment to find any loopholes or risk issues and develop appropriate measures to prevent the risks.
About nProtect, Inc.
Founded in January 2000, nProtect, also known as INCA Internet, is headquartered in San Jose, California and provides online and mobile banking/payment security to financial institutions. Over 100 million endpoint users from more than 1,020 organizations rely on nProtect’s online security solutions to secure their computer and mobile devices against malware, phishing, and number of other security threats while meeting regulatory compliance requirements such as FFIEC Guidance. Global financial institutions such as Bank of America, Deutsche Bank, ING, and HSBC trust and use nProtect security solution.
nProtect was awarded one of the Fastest Growing Companies by Deloitte.
For more information, contact nProtect Inc.
Tel: 408-477-1742
Email: sales@nProtect.com
www.nProtect.com