Breach, Compliance Management, Data Security, Privacy, Vulnerability Management

Brolux trojan targets Japanese banking users, distributed through adult site

Japanese online banking users are the target of a newly detected banking trojan, dubbed Win32/Brolux.A, which is spread through two vulnerabilities distributed by an adult website, security researchers at ESET said in a Thursday post.

The trojan takes advantage of a vulnerability in Flash that was revealed after the Hacking Team itself was hacked as well as a vulnerability called the unicorn bug, which was discovered last year in Internet Explorer.

When a potential victim visits the adult site, the exploits attempt to steal personal data by installing a signed malicious binary, the researchers said, underscoring the importance of updating and patching software. They noted that Win32/Brolux.A uses a “slightly modified version” of the proof of concept code for the IE vulnerability that has been out for a while. And a working exploit of the Flash vulnerability was published as the Hacking Team leak was being analyzed.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.