URLZone is a banking Trojan that first appeared in 2009, according to Softpedia, but it has maintained its cybercrime status and ranked sixth on the list of most active Trojans in 2015.

The threat hasn’t slowed in 2016, either. In fact, it has Japanese authorities issuing a national security alert in response to a recent cyber assault on the Japanese banking industry.

Japanese Banking Trojans

Trend Micro just released a report that pointed out a new campaign from URLZone (sometimes also referred to as BEBLOH or Shiotob). It noted that the Trojan grew from 324 detections in Japan in December 2015 to more than 2,500 in March 2016. This is particularly worrisome because the threat avoids antivirus detection, using techniques such as hiding in the computer’s memory as well as hollowing out system processes.

Being active in Europe and then switching to focus on Japan is a ploy that was also used by the Rovnix Trojan early this year. Rovnix first made itself known in late 2015 before adding some new Japanese banking targets to its phishing target list.

The Trend Micro report also discussed a security alert issued by Japanese officials. It reported that “rural banks and credit unions have been targeted apart from major banks. They have reported that 2015 reflected the country’s biggest loss to banking Trojans, amounting to about 2.65 billion yen or $25.8 million.” That number may grow dramatically if URLZone gains steam.

Other banking Trojans causing problems in Japan are URSNIF and ZBOT, the report stated.

How to Avoid These Threats

The Japanese linguistic structure was believed by many to be an effective deflector of Europe-based banking Trojans, but that does not currently seem to be the case with URLZone.

URLZone presents itself as an email attachment to an invoice. Opening that attachment invokes a downloader that goes to its command-and-control (C&C) server to call the program that does the actual breaching. Once that is successful, it grabs all the banking credentials it can get and shoots them off to the C&C.

The lesson here is a familiar one: Don’t open unknown attachments even though they entice you with some sort of wonderful offer. Just say no and stay safe from these threats.

More from

Emotional Blowback: Dealing With Post-Incident Stress

Cyberattacks are on the rise as adversaries find new ways of creating chaos and increasing profits. Attacks evolve constantly and often involve real-world consequences. The growing criminal Software-as-a-Service enterprise puts ready-made tools in the hands of threat actors who can use them against the software supply chain and other critical systems. And then there's the threat of nation-state attacks, with major incidents reported every month and no sign of them slowing. Amidst these growing concerns, cybersecurity professionals continue to report…

RansomExx Upgrades to Rust

IBM Security X-Force Threat Researchers have discovered a new variant of the RansomExx ransomware that has been rewritten in the Rust programming language, joining a growing trend of ransomware developers switching to the language. Malware written in Rust often benefits from lower AV detection rates (compared to those written in more common languages) and this may have been the primary reason to use the language. For example, the sample analyzed in this report was not detected as malicious in the…

Why Operational Technology Security Cannot Be Avoided

Operational technology (OT) includes any hardware and software that directly monitors and controls industrial equipment and all its assets, processes and events to detect or initiate a change. Yet despite occupying a critical role in a large number of essential industries, OT security is also uniquely vulnerable to attack. From power grids to nuclear plants, attacks on OT systems have caused devastating work interruptions and physical damage in industries across the globe. In fact, cyberattacks with OT targets have substantially…

Resilient Companies Have a Disaster Recovery Plan

Historically, disaster recovery (DR) planning focused on protection against unlikely events such as fires, floods and natural disasters. Some companies mistakenly view DR as an insurance policy for which the likelihood of a claim is low. With the current financial and economic pressures, cutting or underfunding DR planning is a tempting prospect for many organizations. That impulse could be costly. Unfortunately, many companies have adopted newer technology delivery models without DR in mind, such as Cloud Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS)…