July 7, 2016 By Larry Loeb 2 min read

URLZone is a banking Trojan that first appeared in 2009, according to Softpedia, but it has maintained its cybercrime status and ranked sixth on the list of most active Trojans in 2015.

The threat hasn’t slowed in 2016, either. In fact, it has Japanese authorities issuing a national security alert in response to a recent cyber assault on the Japanese banking industry.

Japanese Banking Trojans

Trend Micro just released a report that pointed out a new campaign from URLZone (sometimes also referred to as BEBLOH or Shiotob). It noted that the Trojan grew from 324 detections in Japan in December 2015 to more than 2,500 in March 2016. This is particularly worrisome because the threat avoids antivirus detection, using techniques such as hiding in the computer’s memory as well as hollowing out system processes.

Being active in Europe and then switching to focus on Japan is a ploy that was also used by the Rovnix Trojan early this year. Rovnix first made itself known in late 2015 before adding some new Japanese banking targets to its phishing target list.

The Trend Micro report also discussed a security alert issued by Japanese officials. It reported that “rural banks and credit unions have been targeted apart from major banks. They have reported that 2015 reflected the country’s biggest loss to banking Trojans, amounting to about 2.65 billion yen or $25.8 million.” That number may grow dramatically if URLZone gains steam.

Other banking Trojans causing problems in Japan are URSNIF and ZBOT, the report stated.

How to Avoid These Threats

The Japanese linguistic structure was believed by many to be an effective deflector of Europe-based banking Trojans, but that does not currently seem to be the case with URLZone.

URLZone presents itself as an email attachment to an invoice. Opening that attachment invokes a downloader that goes to its command-and-control (C&C) server to call the program that does the actual breaching. Once that is successful, it grabs all the banking credentials it can get and shoots them off to the C&C.

The lesson here is a familiar one: Don’t open unknown attachments even though they entice you with some sort of wonderful offer. Just say no and stay safe from these threats.

More from

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today