Malicious Ads Target Cryptocurrency Users With Cinobi Banking Trojan


A new social engineering-based malvertising campaign targeting Japan has been found to deliver a malicious application that deploys a banking trojan on compromised Windows machines to steal credentials associated with cryptocurrency accounts.

The application masquerades as an animated porn game, a reward points application, or a video streaming application, Trend Micro researchers Jaromir Horejsi and Joseph C Chen said in an analysis published last week. They attributed the operation to a threat actor Trend Micro tracks as Water Kappa, which was previously found targeting Japanese online banking users with the Cinobi trojan by leveraging exploits in the Internet Explorer browser.

The switch in tactics is an indicator that the adversary is singling out users of web browsers other than Internet Explorer, the researchers added.

Water Kappa’s latest infection routine commences with malvertisements for Japanese animated porn games, reward points apps, or video streaming services. The landing pages urge the victim to download the application: a ZIP archive containing files from an older version of the “Logitech Capture” application dated 2018, but also featuring modified files…

