IBM's X-Force security team is warning of new malware preying on Japanese bank customers. The software nasty is stealthy enough to evade the vast majority of antivirus packages, we're told.
Japanese banks have been something of a low priority for crooks, given the difficulties of performing social engineering tricks using a language that's alien to the vast majority of cyber-crims. Having said that, the Land of the Rising Sun is coming under increasing attack, and this latest one is particularly sneaky.
The scam uses carefully crafted Japanese-language emails that include ZIP files seemingly coming from Russian .ru domains. As well as containing fake invoices, the folders also include the Rovnix malware kit – a complex app suite that has begun circulating on darknet forums.
In some cases, the IBM researchers found the malware also asks its victims to download specific Android applications, which snaffle the two-factor authentication texts sent out to smartphones.
Rovnix isn't in wide circulation. According to IBM, this particular configuration of the malware was detected by only four out of 54 antivirus products tested, although signature files are now being added.
"It is clear that the Japanese financial sector is under attack. It is now recognized as a lucrative target to cybercriminals from Japan and Eastern Europe," Big Blue said.
"IBM X-Force researchers expect Rovnix to continue its attacks in Japan and intensify campaigns in the country. We also expect to see other privately held malware gangs from within the country and Eastern Europe target financial entities in Japan." ®