Operation Overtrap – Hackers Attack Online Banking Users Via Bottle Exploit Kit & Banking Malware
Cybersecurity researchers at Trend Micro have recently discovered a new malicious campaign through which threat actors trap and infect victims with several sophisticated payloads.

This new malicious campaign has been dubbed “Operation Overtrap,” and the researchers state that the attackers use a three-pronged attack. In this campaign they mainly target users from Japan and steal their banking credentials.

“Operation Overtrap” has been active since April 2019 and infects Japanese users exclusively in order to steal their banking credentials.

According to the Trend Micro report, the threat actors use three attack vectors in this campaign to spread the following components and steal banking credentials:-

Bottle exploit kit.
Cinobi banking trojan.

Attack Vectors Used

The Trend Micro analysis report states that the attackers use the following attack vectors to spread the infection:-

Spam e-mails containing a phishing link that masquerades as a banking website.
Victims are asked to run a malicious executable downloaded from the phishing page linked in the spam e-mails.
Threat actors deliver the malware through malvertising using a custom exploit kit.

Bottle Exploit Kit

The Bottle Exploit Kit (BottleEK) was first observed by the security analysts on September 29, 2019; they found that, instead of dropping a clean file, the attackers delivered a new, complex banking trojan known as “Cinobi”.

To spread and push the “Bottle Exploit Kit” in this campaign, the threat actors used a malvertising campaign aimed only at users from Japan.

The attackers used the Bottle Exploit Kit (BottleEK) to deliver the “Cinobi” banking trojan by exploiting two security flaws, listed below:-

CVE-2018-15982: A Flash Player use-after-free vulnerability.
CVE-2018-8174: A VBScript remote code execution vulnerability.

Cinobi Banking Trojan

The threat actors used the Cinobi banking trojan in this campaign, and the security researchers have confirmed that the banking trojan used in Operation Overtrap has two versions.

The first version of Cinobi uses a DLL library injection payload and also has the ability to modify web traffic.
The second version of Cinobi can alter the web pages the victim accesses using a web inject function. It carries all the capabilities of the first version and can additionally communicate with a command-and-control (C&C) server over a Tor proxy.

A range of attack vectors is used by the attackers to steal banking credentials in the “Operation Overtrap” campaign. That is why the experts at Trend Micro strongly recommend that organisations and users:-

Adopt best security practices to defend themselves and their systems against such attacks.
IT teams in organisations should have a central information gathering system.
Organisations should train their employees to make them aware of such threats and to report any suspicious activity.
Organisations should regularly update their systems to prevent attackers from exploiting any security holes.
Organisations should use enterprise-level security tools and firewalls.

By following the above-mentioned mitigations, an organisation or user can readily prevent the threat actors from exploiting any security holes and protect their networks.