After a stint focusing on the Netherlands, a group using the Rovnix Trojan has updated it and repackaged it to steal from the bank accounts of victims in Japan, according to IBM X-Force.

The malware in this exploit, which has persisted in various forms for about five years, has been augmented to avoid being detected, dodge bank security and convincingly mimic bank websites, says Etay Maor, a senior cybersecurity strategist for IBM.

It’s pretty clear from the malware samples IBM X-Force has examined that the Rovnix group in question studied Japanese banks closely and came up with a user interface that closely mimics those of specific banking sites. It’s not just a generic key-logger that steals information and hopes for the best, Maor says.

To read this article in full or to leave a comment, please click here