Newly Discovered Malware Targets Financial Institutions


nProtect secures endpoints from malware during online banking and payment sessions.


nProtect, a global Internet and mobile security provider, recently discovered a new type of Trojan malware, dubbed KRBanker, that mostly targets online end-users of Korean financial institutions. Members of nProtect's ISARC (Internet Security Analysis Reporting Center), which collects and analyzes malware from around the world, quickly updated nProtect Online Security to detect and remove the malware. nProtect Online Security is a layered security solution that protects users from malware, phishing, pharming, DNS changing, screenshots, and keystroke logging.

Online fraudsters have evolved into professional organized groups that are well funded by criminal organizations. With the funds they receive from various criminal organizations, online fraudsters have more time and resources to research and plan attacks on their targets (South Korea's financial institutions in this case) and often take months to years to develop and deploy malware and infect PCs to steal information. In 2012, over 600 financial institutions were the target of online fraudsters using Trojan malware.

During the initial stage of the attack, KRBanker infects the PC by attaching itself to Delphi, stops any antivirus software, and reports the infection status to the command and control (C&C) server. The malware then proceeds to download encrypted files to the victim's PC.

In the second stage, KRBanker scans the PC for lists of DLLs related to Korean financial institutions and security software, and patches opcode instructions. The inserted code searches for and collects any information related to passwords, account details, and transaction history. The compiled information is then sent to a remote server.

KRBanker also collects digital certificates from the PC's NPKI directory. These unique digital certificates, used by both individuals and corporations, are normally used for all financial purposes such as banking, credit cards, insurance, and more. The hacker collects digital certificates, passwords, account details, and screenshot information to gain fraudulent access to the victim's account.

After discovering KRBanker, which is distributed worldwide but concentrated mainly in Korea, nProtect released updates for nProtect Online Security to prevent any financial damages to end-users (Free trial of nProtect Online Security can be downloaded at 

Hackers are constantly modifying and updating their methods to steal online banking information for financial gain. They are evolving as fast as, or sometimes faster than, the security solutions offered by financial institutions. This makes it crucial for both online banking customers and financial institutions to perform periodic risk assessments to find any vulnerabilities and develop appropriate measures to prevent the risks.

About nProtect, Inc.

Founded in January 2000, nProtect, also known as INCA Internet, is headquartered in San Jose, California and provides online and mobile banking/payment security to financial institutions. Over 100 million endpoint users from more than 1,020 organizations rely on nProtect's online security solutions to secure their computers and mobile devices against malware, phishing, and a number of other security threats while meeting regulatory compliance requirements such as FFIEC Guidance. Global financial institutions such as Bank of America, Deutsche Bank, ING, and HSBC trust and use nProtect security solutions.

nProtect was named one of the Fastest Growing Companies by Deloitte.

For more information, contact nProtect Inc.
Tel: 408-477-1742
Email: sales (at) nProtect (dot) com

Contact Author

Don Lee