Operation Emmental campaign is targeting banking sector
by Pierluigi Paganini
Security Affairs
http://securityaffairs.co/wordpress/26900/cyber-crime/operation-emmental-banking.html
Trend Micro has discovered a malicious campaign named Operation Emmental, which is targeting online banking systems of financial institutions worldwide.
A Trend Micro Research Paper
Finding Holes
Operation Emmental
by David Sancho, Feike Hacquebord and Rainer Link
Trend Micro
http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-finding-holes-operation-emmental.pdf
Operation Emmental is a complex operation that involves several components in order to defeat a particular online banking protection system used in several countries. The infrastructure required to pull the attack off is not inconsequential—the attackers need a Windows malware binary, a malicious Android app sporting various banks’ logos, a rogue DNS resolver server, a phishing Web server with several fake bank site pages, and a compromised C&C server.
Emmental is an attack that has very likely evolved over time. The fact that the most salient part of the attack—the PC malware—is not persistent likely helped the attackers keep a low profile. We believe this allowed them to use different infection strategies, not just through emails, although we have not been able to detect any other means.
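The report lists a rogue DNS resolver among the attack components, which is the piece a defender can most readily check for from the endpoint side. The following is an added example written for this page, not code from the Trend Micro paper or the Security Affairs article: it parses constructed `ipconfig /all` output, flags any configured resolver that is not on an assumed corporate allowlist, and compares A records obtained through the host's resolver with those obtained through a trusted resolver for a set of bank hostnames. The allowlist, the sample output, the hostnames and the addresses (all from RFC 5737 documentation ranges) are assumptions for illustration.

```python
import ipaddress
import re

# Assumed allowlist of resolvers this fleet is expected to use.
TRUSTED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}

# Constructed sample of `ipconfig /all` output from a Windows host whose
# primary DNS server has been pointed at an unknown public address.
SAMPLE_IPCONFIG = """\
Ethernet adapter Ethernet:
   Connection-specific DNS Suffix  . : corp.example
   IPv4 Address. . . . . . . . . . . : 10.0.5.17
   Default Gateway . . . . . . . . . : 10.0.5.1
   DNS Servers . . . . . . . . . . . : 203.0.113.9
                                       10.0.0.53
"""

# Constructed A-record answers for a hypothetical bank hostname, as returned
# by the host's configured resolver and by a trusted reference resolver.
SYSTEM_ANSWERS = {"ebanking.example-bank.test": "203.0.113.45"}
REFERENCE_ANSWERS = {"ebanking.example-bank.test": "198.51.100.10"}


def _is_ip(text):
    """True if text is a syntactically valid IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def parse_dns_servers(ipconfig_text):
    """Return the DNS server addresses listed in `ipconfig /all` output.

    Windows prints the first server on the 'DNS Servers' line and any
    further servers on indented continuation lines, so we keep collecting
    until a line that is not a bare address.
    """
    servers = []
    collecting = False
    for line in ipconfig_text.splitlines():
        match = re.match(r"\s*DNS Servers[ .]*: *(\S+)", line)
        if match:
            servers.append(match.group(1))
            collecting = True
            continue
        if collecting:
            candidate = line.strip()
            if candidate and _is_ip(candidate):
                servers.append(candidate)
                continue
            collecting = False
    return servers


def rogue_resolvers(servers, trusted=TRUSTED_RESOLVERS):
    """Configured resolvers that are not on the allowlist."""
    return [s for s in servers if s not in trusted]


def mismatched_hosts(system_answers, reference_answers):
    """Hostnames whose A record via the host's resolver differs from the
    answer obtained via the trusted resolver; a mismatch for a bank domain
    is the symptom a rogue resolver produces."""
    return sorted(
        host for host, addr in system_answers.items()
        if reference_answers.get(host) != addr
    )


def audit_host(ipconfig_text, system_answers, reference_answers):
    """Combine both checks into a single finding summary."""
    servers = parse_dns_servers(ipconfig_text)
    return {
        "configured": servers,
        "rogue_resolvers": rogue_resolvers(servers),
        "mismatched_hosts": mismatched_hosts(system_answers, reference_answers),
    }


if __name__ == "__main__":
    print(audit_host(SAMPLE_IPCONFIG, SYSTEM_ANSWERS, REFERENCE_ANSWERS))
```

In practice the two answer sets would come from live lookups (the host's default resolver versus an explicitly addressed trusted one); they are embedded here as constructed data so the check runs offline. A non-allowlisted resolver on a workstation, or a bank hostname resolving differently through the two paths, is worth an incident ticket regardless of which campaign is behind it.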