Trojan Used to Direct Customers of South Korean Banks to Phishing Sites

Trend Micro experts have analyzed this phishing campaign

Experts have come across a piece of malware that redirects the customers of several South Korean financial institutions to a website that’s designed to trick them into handing over their personal and financial details.

The Trojan in question, detected by Trend Micro as TSPY_QHOST.QFB, modifies the infected computer’s HOSTS file to redirect users to an IP address located in Japan.

Once on the phishing site, victims are asked a couple of questions about computer security, after which they’re instructed to obtain a security certificate.

This is where the “fun begins.” Victims are asked to hand over their name, Korean resident registration number, phone number, account number, password, user ID, associated password, and the certificate password.

“These phishing sites abuse the trust that users have in their banks to get financial and personal information from users,” Trend Micro’s Roddell Santos noted.

“They are made to think that they are entering their information in the bank’s real online banking site, when in fact they are not. Instead, the information ends up in the hands of the attackers who created this malware.”

Hot right now  ·  Latest news