Win32/Spy.Ranbyus modifying Java code in RBS Ukraine systems
Jump to navigation
Jump to search
(Publication) Google search: [1]
| Win32/Spy.Ranbyus modifying Java code in RBS Ukraine systems | |
|---|---|
| Botnet | Ranbyus |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / 2012-12-19 |
| Editor/Conference | ESET |
| Link | http://blog.eset.com/2012/12/19/win32spy-ranbyus-modifying-java-code-in-rbs blog.eset.com (blog.eset.com Archive copy) |
| Author | Aleksandr Matrosov |
| Type | |
Abstract
“ I’ve already mentioned the Win32/Spy.Ranbyus family in my previous blog post about smartcard monitoring in modern banking malware (Smartcard vulnerabilities in modern banking malware). It displays really interesting functionality because it shows how it is possible to bypass payment transaction signing/authentication with smartcard devices. We have been tracking the latest modification to this malware family and the trojan Ranbyus has started to modify java code in one of the most popular remote banking systems (RBS) in the Ukraine, BIFIT's iBank 2. ESET Virus Radar statistics show that Ukraine is the region most affected ever by Ranbyus infection.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1269,
editor = {ESET},
author = {Aleksandr Matrosov},
title = {Win32/Spy.Ranbyus modifying Java code in RBS Ukraine systems},
date = {19},
month = Dec,
year = {2012},
howpublished = {\url{http://blog.eset.com/2012/12/19/win32spy-ranbyus-modifying-java-code-in-rbs blog.eset.com}},
}