The Rovnix Trojan is currently being used to attack 14 of Japan's largest banks and their clients.

Rovnix is known to be among the more advanced banking Trojans, and it is also proving hard to detect in this attack.

The attack was originally detected by only 4 out of 54 anti-virus vendors, and it has also proven very resilient due to a bootkit feature, where the infected systems are re-infected on restart.

The attack is executed by sending malicious e-mails to clients of the banks with an attached invoice from a Japanese company. When the clients open the invoice, the malware is activated.

User credentials and passwords are stolen as the malware injects changes into banking websites. While the clients believe they are entering credentials to the bank, they are actually giving them to the attackers.

The attackers also trick banking clients into downloading a malicious version of a mobile banking application, which in turn enables the attackers to receive incoming SMS messages with one-time codes from the bank. Together with the credentials stolen from the web session, this would give the attackers full access to the bank account.

The Protectoria Secure Mobile Banking Solution would effectively stop this attack. Our solution provides banking clients with a unique and tamper-proof application, offering a secure running environment for verifying the banking transactions. If the above attack were executed against banking clients using our solution, the attacker would get no money and the bank would be immediately warned of a possible ongoing attack.

Please download our "How it Works" whitepaper for an introduction to our solution, or contact us directly for further in-depth information.
