July 6, 2016
Authorities in Japan have issued a national alert after detecting a surge in banking trojans targeting the country’s citizens, among which a key role played the rising wave of BEBLOH infections.
BEBLOH is a banking trojan that first appeared in 2009, and according to a Symantec report from March, it was the sixth most popular banking trojan of 2015.
The malware works in a similar way to other banking trojans, meaning it will inject itself into browser processes, also FTP and email clients, and collect the user’s credentials. This data is then later used to commit fraudulent banking transactions.
BEBLOH comes with tricks to avoid antivirus detection, such as hiding in the computer’s memory and hollowing out system processes.
According to a Trend Micro investigation, the trojan’s authors switched their targeting from Europe to small Japanese banks towards the end of 2015.
First signs of trouble appeared in December 2015, when the company detected 324 infections in the country alone. The number quickly rose to 2,562 in March 2016.
Along with the quick rise in BEBLOH infections, authorities also detected increased activity from other banking trojans such as URSNIF and ZBOT.