Categories: NewsSecurity

Blackmoon Banking Trojan Uses Three-tiered Malware Delivery Technique

Banking Trojans have often been a favorite tool among criminals looking for financial gain. Blackmoon is one of the most recent banking Trojans making the rounds, yet it caused quite a lot of confusion. Up until a few days ago, security experts were unsure how the malware spreads itself. It appears that the mystery has been finally uncovered, although that doesn’t mean Blackmoon becomes less of a threat.

Blackmoon Banking Trojan is A Big Problem

Dealing with new types of malware is annoying enough, but not knowing how it is distributed is one of the worst possible scenarios. This was the case for the Blackmoon banking Trojan

, albeit security researchers finally uncovered how the malware is distributed. It appears a new framework is being used to infect victims all over the world.

Blackmoon, also known as KRBanker, is designed to steal user credentials for online banking portals. Interestingly enough, this malware has been around since 2014 and has undergone several iterations and improvements over the past few years. The latest update comes in the of using this new framework to infect new victims. It is worrisome to learn such a banking Trojan can be around for nearly three years without being shut down, though.

This new framework to infect potential victims uses a three-tiered approach. It is something security researchers have not come across before, which is a very troublesome development. Moreover, it goes to show the Blackmoon developers have put a lot of thought into this new approach, rather than rehashing something a different developer came up with.

Related Post

Three separate downloader pieces work together to determine the next potential victim for Blackmoon. Once the Trojan is installed, it will start looking for login credentials to popular financial services. This includes the likes of Samsung Pay, as well, which means mobile payment solutions have now become a prominent target for criminals. Other – mainly South Korean – financial solutions are targeted as well by this banking Trojan.

The first part of the malware downloader is sent through phishing campaigns or exploit kits. In this file is a hard-coded URL requesting additional bytecode to be downloaded. It is unclear where this code is stored, as the developers obfuscate this location. Once the bytecode is downloaded and executed, it will look for the next part to download. A sequential series of events to install a banking Trojan is quite the novelty and may prove very difficult to shut down.

It is also interesting to note Blackmoon will determine whether or not the infected device runs in the Korean language. If that is not the case, the Blackmoon banking Trojan will go dormant. An interesting turn of events, to say the least. For now, the goal is to try and break any obfuscation efforts made by his three downloaded files. That will prove to be quite challenging, though. Rest assured Blackmoon will not go away anytime soon.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Best Cryptos to Buy Today: Qubetics Presale Hits $2.7M, MicroStrategy Falls After Bitcoin Price Dips, and Ethereum Heist Involves North Korean Hackers

Best Cryptos to Buy Today: Qubetics Presale Hits $2.7M, Bitcoin Price Dips, and Ethereum Heist…

1 hour ago

WIF Set to Overtake BONK? Lunex Soars with 100x Potential in Altcoin Season

As altcoin season heats up, all eyes are on the rising stars—especially Lunex, which is…

10 hours ago

Binance Coin Price Dips: BNB Holders Rush To Lunex Presale To Hedge Their Long Positions

While the broader market witnessed a notable upward movement, Binance Coin (BNB) experienced a decline…

10 hours ago

Crypto Stalwarts Forecasted 800% Growth in Innovative Projects: VeChain, Rollblock and Polkadot!

This blazing crypto bull run has investors looking for the next top altcoins set to…

10 hours ago

Dogecoin Price Set To Recreate 36,000% Rally From 2021 After Pennant Formation

The Dogecoin price is back in the limelight, captivating the crypto world with its recent…

10 hours ago

Is XRP About to Explode? How Trump’s Victory Is Affecting XRP Price Amidst JetBolt Growth

Ripple’s XRP showed a 68% price increase in the last 7 days following Trump's victory,…

10 hours ago