Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
High
A new campaign now called “Operation Overtrap” is found infecting victims with its payload. Online Banking Users are being targeted Via Bottle Exploit Kit and Brand-New Cinobi Banking Trojan. The campaign mainly targets online users of various Japanese banks by stealing their banking credentials using a three-pronged attack. The campaign uses three different attack vectors to steal its victims’ banking credentials:
• By sending spam emails with a phishing link to a fake banking website
• By sending spam emails asking victims to execute a disguised malware’s executable downloaded from a linked phishing page.
• By using a custom exploit kit to deliver malware via malvertising
Below is the work flow of operation overtrap.
It exploits CVE-2018-15982, a Flash Player use after free vulnerability, as well as CVE-2018-8174, a VBScript remote code execution vulnerability. Victims will be infected with BottleEK’s payload if they access this particular exploit kit’s landing page with unpatched or outdated browsers.
Cinobi has two versions — the first one has a DLL library injection payload that compromises victims’ web browsers to perform form-grabbing. This Cinobi version can also modify web traffic sent to and received from targeted websites. Our investigation found that all the websites that this campaign targeted were those of Japan-based banks. Aside from form-grabbing, it also has a webinject function that allows cybercriminals the ability to modify accessed webpages. The second version has all the capabilities of the first one plus the ability to communicate with a command-and-control (C&C) server over the Tor proxy.
Domain Name
MD5
SHA-256
URL