Nasty Snifula Trojan starts targeting users in Japan

New Snifula Trojan variant have been spotted by Symantec Security Response team in Japan. the malware have compromised more than 30 financial entities with 12 regional agencies across the country. the malware was firstly discovered in 2006 and were used to steal victims financial accounts using man-in-the-browser (MITB) techniques.

According to Symantec the configuration file in the malware is listing 20 credit card sites with 17 online banking service in Japan, 20% of the malicious activity monitored are coming from hosts in Japan to make it on the second place with Germany while UK have the highest number of infected hosts with 24% of the global infected systems.

Graph for snifulaChart for Snifula distribution sourced Symantec

This type of threats is hard to detect because it is customizable to make it adapted to certain regions, easy to distribute over internet with infected web server and strong authentication will not help because the infected user will perform a covered transaction using the same steps and validation required without detecting the actions performed by the malware.

To protect your system make sure to have the latest update for your antivirus and use only hardened software that provide the protection against the MITB attacks.

Share