The Cinobi banking Trojan made its first moves in 2020, when its operators went after users in Japan. Surprisingly, they severely limited the scope of the Trojan by relying on a set of two exploits, which only worked in Microsoft Internet Explorer. However, the Cinobi banking Trojan appears to be back once again, and this time the group behind it seems to be exploring new techniques, tools, and exploits.

The recent campaign relies heavily on social engineering and malvertising to deliver the dangerous payload. The bogus content used by the criminals to spread the Cinobi banking Trojan includes free porn games, bogus reward point programs, and video streaming-related apps. Naturally, these innovative infection vectors have rapidly increased the number of victims of the Cinobi banking Trojan, and the criminals are also using the Trojan to try to steal cryptocurrency accounts.

Once a victim is infected, Cinobi starts working in the background to monitor the user’s online activity. If it detects that the victim is trying to access one of the online financial portals targeted by the Trojan, the payload proceeds to grab anything entered in the website’s login form. The captured data is stored in a hidden folder and includes the website, date, username, password, session ID and other information.

While most modern banking Trojans target Android, we still come across Windows-compatible threats like Cinobi. These attacks are very dangerous because users may have no idea that cybercriminals are hijacking their login credentials, so it is very important to take security measures when browsing the Internet, such as:

▸Use an antivirus application, and remember that it is very important to keep it updated

▸Be very careful when interacting with unknown sites and files that may seem risky

▸Never download apps and installers from untrusted sources
