UK banking customers have been warned that advanced trojan malware Shifu has migrated from Japan to covertly target and take over their accounts. IBM Security X-Force cybersecurity evangelist, Limor Kessem, explained in a blog post that the banking trojan – discovered less than a month ago – now has 18 UK targets and has ramped up activity to infect hundreds of endpoints per day. Online banking and wealth management customers are first led via email spam to websites infected with the Angler Exploit Kit.
Kessem continued: “Although Angler is used by many cybercriminals, they all rely on its ability to evade security mechanisms and its multistep attack technique. To keep automated security off its tracks, Angler attacks are based on a redirection scheme that begins with a clean page or advertising banner and eventually lands on an Angler-poisoned page. The victim’s endpoint is then scanned for the corresponding vulnerabilities, followed by exploitation and the eventual payload drop.”
Shifu first came to light at the beginning of September. It includes a variety of features copied from existing banking trojans, including the domain generation algorithm from Shiz and obfuscation and sandbox disabling from Zeus, IBM said at the time.