Citadel malware active on 20,000 PCs in Japan, says Trend Micro

The malware, which steals financial and login info, is actively sending data to servers in the U.S. and Europe

(IDG News Service) on

Citadel malware is installed on over 20,000 PCs in Japan and actively sending financial information it harvests to servers abroad, according to security software vendor Trend Micro.

Tokyo-based Trend Micro said it monitored remote servers in the U.S. and Europe that collect data gathered by Japanese versions of the malware for six days last week. On some days there were nearly 230,000 connections made from 20,000 infected computers.

The malware has been designed specifically to target domestic users, collecting financial details corresponding to six Japanese financial institutions as well as popular services such as e-mail from Google, Yahoo and Microsoft.

"Damage from this tool for online banking fraud is still continuing today," Trend Micro said in a Japanese security blog.

The security firm said it detect IP addresses from at least nine remote servers that are being contacted regularly by copies of Citadel on infected computers. It said over 96 percent of the contact comes from PCs in Japan.

Citadel is malware that can modify or replace websites opened on the computers it infects. It then collects log-in details and other private information and sends it to remote servers. Some varieties also block access to anti-virus sites to prevent users from cleaning their computers.

The software allows malicious users to create networks, or botnets, of infected PCs that harvest details and send them to remote servers. It can be customized to mimic specific sites in different countries.

Last month Microsoft and the U.S. Federal Bureau of Investigation worked together to disrupt 1,400 Citadel botnets that the company said were responsible for over half a billion dollars in financial losses worldwide.

The action disrupted many existing Citadel botnets, but anyone with a builder application can create customized versions and launch an operation of their own.

Highly-customized versions of the malware, with detailed content localization and advanced techniques to corrupt browser software, have also popped up across Europe since the Microsoft action.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags fraudmalwaretrend micro

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jay Alabaster

IDG News Service
Show Comments
Security Watch
Best NBN Plans
Best Mobile Plans

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Cate Bacon

Aruba Instant On AP11D

The strength of the Aruba Instant On AP11D is that the design and feature set support the modern, flexible, and mobile way of working.

Dr Prabigya Shiwakoti

Aruba Instant On AP11D

Aruba backs the AP11D up with a two-year warranty and 24/7 phone support.

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Featured Content

Product Launch Showcase

Back to topHome

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?