Cinobi Banking Trojan Threatens Cryptocurrency Users
Japan has been the target of a newly developed ‘malvertising’ campaign, which delivers a hostile application to install a banking Trojan on vulnerable Windows computers and devices.
The main aim of this malware is to steal important information about the individual users’ crypto accounts.
The malicious application takes different forms, with some mimicking animated pornographic games while others mimic video streaming applications.
Trend Micro investigators Jaromir Horejsi and Joseph Chen revealed that the Trojan attacks trace back to Water Kappa, a threat actor with a history of targeting online banking users in the Japanese market with the Cinobi Trojan.
In this pursuit, Water Kappa takes advantage of vulnerabilities in the Internet Explorer browser to attack users of online banking.
Sophisticated Hacking Software
The attackers' web pages urge the owners or users of the device to download the application. It is delivered as a ZIP archive containing files from a previous version of Logitech Capture, an application that dates back to 2018.
The archive also contains modified files that have been altered to decrypt and install shellcode that starts the Cinobi banking Trojan.
The Trojan is also built to steal usernames and passwords for eleven different Japan-based financial institutions.
Of the eleven, three are active players in crypto trading. To capture the credentials, Cinobi activates its form-grabbing component every time a user visits one of these platforms and records the login details.
The malicious actors most likely copy these advertisements from legitimate websites. They then make slight adjustments to corrupt them before placing them where users will encounter them.
The modifications include removing certain buttons from the websites and completely altering some information categories. Finally, the attackers provide misleading information to trick users into downloading and running the applications on their devices.
The Cinobi banking Trojan operates in stages, each of which leads the user to run more destructive components of the malware and takes the Trojan deeper into the system, where it gains more and more control.
Ideal Targets For Cinobi Trojan
As evidenced by its change of tactics, the threat actor targets users with compromised web browsers. With the banking Trojan, Water Kappa starts with advertisements packaged with malware that take the form of porn games, video streaming services or reward point apps.
The malvertising campaign is evidence of Water Kappa's existence and also indicates that the actor has diversified from online banking into the crypto space. Its infrastructure and methods enable both financial and crypto gain.
To protect themselves from infection by the Cinobi Trojan, users need to remain watchful for any advertisement that looks doubtful. They should also be cautious about the suspicious websites they visit and make sure that applications are downloaded only from trusted and authentic sources.