Blackmoon banking trojan returns with new framework
Since last year, Fidelis Cybersecurity Threat Response has observed two man-in-the-browser attacks on South Korean financial institutions that used the Blackmoon banking trojan. An earlier attack last July stole the credentials of more than 150,000 Korean users.
The July and later attacks had the same goal: stealing login information from users of financial services websites. The attacks also targeted services across a range of websites where people can manage money, including banks, wealth management firms and retirement investment services. Blackmoon, also known as KRBanker or Banbra, captures users’ account names and passwords as they type them in, the so-called man-in-the-browser attack.