Researchers recently spotted the cyber gang that controls the Rovnix Trojan launching an aggressive campaign against 14 major Japanese banks.
The campaign has been active since December 2015 and infects users with the Trojan via a downloader hidden in a socially engineered email claiming to be from an international transport company, according to the Jan. 7 threat post. The email is designed to trick victims into downloading the malicious attachment disguised as a waybill.
Once a user is infected, the Trojan uses a web injection mechanism that perfectly mimics the look and feel of the bank webpages in order to trick the victim into divulging the second password or token for the ensuing fraudulent transaction.
Researchers also witnessed instances when the Trojan deployed injections instructing victims to download an Android mobile app containing Rovnix’s SMS hijacker. The malicious app would then listen for incoming SMS messages from the bank in search of transaction authorization codes.
The mix of language-specific social engineering and mobile malware proves that the gang behind Rovnix has adequately prepared for the campaigns with all the necessary means for defrauding Japanese victims.
The cyber gang responsible for the campaign has also launched similar attacks on European banks. Researchers said only four out of 54 antivirus vendors properly detected the Rovnix Trojan as of the date of this report (1/11/16).