Cybercrooks are targeting Japanese smut site aficionados with a new banking Trojan run.
Aibatook malware is targeting customers of Japanese banks who are also
visitors on some of the country's most popular pornographic websites.
Security researchers at anti-virus firm ESET estimated that more than 90 smut sites have been contaminated with malicious code.
The malware relies on exploiting a Java security flaw that was patched more
than a year ago to push Aibatook onto Windows PCs. More
specifically, users visiting compromised sites are redirected towards
an exploit page that attempts to take advantage of a Java vulnerability (CVE-2013-2465)
patched in June 2013. Attacks involved displaying a 404 error page to
mask the fact that the PC is silently running a malicious Java applet.
The whole attack relies on a single Java exploit rather than the standard
approach of planting an exploit kit on a compromised website. Exploit
kits attempt to exploit a raft of common browser and other application
software vulnerabilities (Adobe Flash, Java etc) to drop malware onto
PCs that are not up to date with their patches.
Once the Aibatook
malware is installed, it waits for victims to log into online banks with
Internet Explorer (the most widely used browser in Japan). The
malicious code is designed to inject fraudulent forms onto pages that are
designed to trick banking customers into handing over confidential
banking login information.
Stolen data is then sent to the
criminals behind the Aibatook malware campaign via a command-and-control
server. The attack - explained in greater depth in a blog post by ESET here - illustrates the importance of keeping up to date with patches.
Researchers warn the same crooks behind the Aibatook attack have
created newer versions of the malware, capable of stealing credentials
from users of web-hosting services and domain resellers.