
Rovnix Banking Trojan Targets 14 Japanese Banking Institutions to Heist Login Data

One of the most advanced banking Trojans, known as Rovnix, is targeting 14 of the largest banking institutions in Japan.

In what appears to be an aggressive effort to collect sensitive financial information, including the logins of various banking applications, the Rovnix malware is being aimed at Japan's largest banks. The creators of Rovnix, who claimed to be the perpetrators behind recent Japanese banking attacks over the Internet, used to target European markets. In their latest effort to compromise the banking login credentials and personal information of banking consumers, the Rovnix malware is poised to cause severe damage and potential loss of money.

As revealed by IBM's X-Force researchers, the Rovnix Trojan specifically targets only 14 banks located in Japan. The payload of Rovnix can use injection packages from the dark market (dark web) that may adapt to each bank's portal layout for an effective attack through social engineering. Such techniques enable the Rovnix threat to trick victims into giving up their login details, including a second password or token that may be used for completing a transaction.

The advancements of Rovnix are quite surprising, as it includes web injection packages that trick victims into downloading a malicious Android banking app on their smartphone that may intercept SMS authorization codes. Having such codes enables fraudulent transactions to be conducted from breached accounts without raising any red flags.

Security experts have found that Rovnix spreads primarily through spam email messages. The messages originate from a .ru domain, which is a Russian Federation domain and points to the infection having been initiated by Russian hackers. The Rovnix targets are all Japanese computer users, and the accompanying spam emails are written in Japanese and contain a malicious attachment that installs the Rovnix infection.

What we have come to understand about Rovnix is that it is boot persistent, which means it may load upon boots and restarts of an infected system. Such a trait allows Rovnix to survive and remain undetected for extended periods of time, sometimes as long as a year or more.

Chart: Current cyberthreat rankings, showing the Rovnix Trojan's rank among other banking threats. Source: IBM

Rovnix has been ranked as the ninth most prevalent cyberthreat in the wild, as demonstrated in the chart above. With many other cyberthreats outranking Rovnix, it is apparent that information-stealing threats are extremely sophisticated, and we must all be vigilant and careful in every step we take on the Internet, even when we access our banking accounts, no matter where we are located.
