Light Dark
July 7, 2016 By Larry Loeb 2 min read

URLZone is a banking Trojan that first appeared in 2009, according to Softpedia, but it has maintained its cybercrime status and ranked sixth on the list of most active Trojans in 2015.

The threat hasn’t slowed in 2016, either. In fact, it has Japanese authorities issuing a national security alert in response to a recent cyber assault on the Japanese banking industry.

Japanese Banking Trojans

Trend Micro just released a report that pointed out a new campaign from URLZone (sometimes also referred to as BEBLOH or Shiotob). It noted that the Trojan grew from 324 detections in Japan in December 2015 to more than 2,500 in March 2016. This is particularly worrisome because the threat avoids antivirus detection, using techniques such as hiding in the computer’s memory as well as hollowing out system processes.

Being active in Europe and then switching to focus on Japan is a ploy that was also used by the Rovnix Trojan early this year. Rovnix first made itself known in late 2015 before adding some new Japanese banking targets to its phishing target list.

The Trend Micro report also discussed a security alert issued by Japanese officials. It reported that “rural banks and credit unions have been targeted apart from major banks. They have reported that 2015 reflected the country’s biggest loss to banking Trojans, amounting to about 2.65 billion yen or $25.8 million.” That number may grow dramatically if URLZone gains steam.

Other banking Trojans causing problems in Japan are URSNIF and ZBOT, the report stated.

How to Avoid These Threats

The Japanese linguistic structure was believed by many to be an effective deflector of Europe-based banking Trojans, but that does not currently seem to be the case with URLZone.

URLZone presents itself as an email attachment to an invoice. Opening that attachment invokes a downloader that goes to its command-and-control (C&C) server to call the program that does the actual breaching. Once that is successful, it grabs all the banking credentials it can get and shoots them off to the C&C.

The lesson here is a familiar one: Don’t open unknown attachments even though they entice you with some sort of wonderful offer. Just say no and stay safe from these threats.

 |  |  |  |  | 
Larry Loeb
Principal, PBC Enterprises

More from

February 14, 2025

Smoltalk: RCE in open source agents

26 min read - Big shoutout to Hugging Face and the smolagents team for their cooperation and quick turnaround for a fix! Introduction Recently, I have been working on a side project to automate some pentest reconnaissance with AI agents. Just after I started this project, Hugging Face announced the release of smolagents, a lightweight framework for building AI agents that implements the methodology described in the ReAct paper, emphasizing reasoning through iterative decision-making. Interestingly, smolagents enables agents to reason and act by generating…

February 14, 2025

4 ways to bring cybersecurity into your community

4 min read - It’s easy to focus on technology when talking about cybersecurity. However, the best prevention measures rely on the education of those who use technology. Organizations training their employees is the first step. But the industry needs to expand the concept of a culture of cybersecurity and take it from where it currently stands as an organizational responsibility to a global perspective.When every person who uses technology — for work, personal use and school — views cybersecurity as their responsibility, it…

February 13, 2025

How red teaming helps safeguard the infrastructure behind AI models

4 min read - Artificial intelligence (AI) is now squarely on the frontlines of information security. However, as is often the case when the pace of technological innovation is very rapid, security often ends up being a secondary consideration. This is increasingly evident from the ad-hoc nature of many implementations, where organizations lack a clear strategy for responsible AI use.Attack surfaces aren’t just expanding due to risks and vulnerabilities in AI models themselves but also in the underlying infrastructure that supports them. Many foundation…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature