• No events
AEC v1.0.4

Cyber Security Info

New sophisticated banking trojan

July 24, 2014

Share Button

Trend Micro has discovered a new sophisticated internet banking fraud named Operation Emmental. Emmental targets users of Swiss, Austrian, Swedish and Japanese banks. The attack is started by phishing when user receives e-mail containing .RTF attachment. It contains another file (disguised .CPL file) which finally downloads and installs the malware. The malware only does two things before deleting itself making its detection quite complicated. It changes DNS servers to those controlled by the attacker and installs fraudulent SSL certificate. That allows attacker to fake legitimate internet banking sites. Upon visiting them, the user is also prompted to install Android app that is used to circumvent two-factor authentication via SMS messages. Trend Micro believes that the origin of the malware operation is in Russia or Romania.

Share Button