Operation Overtrap – Hackers Attack Online Banking Users Via Bottle Exploit Kit & Banking Malware


A variety of attack vectors are used to steal the banking credentials in this “Operation Overtrap” project by the assailants. Thats why the professionals at Trend Micro have actually strongly advised organisations and users to:-.

Attack Vectors Used.

Because April 2019 this malicious project, “Operation Overtrap” is active, and solely contaminating Japanese users to steal their banking credentials.

Cinobi Banking Trojan.

The first version of Cinobi uses a DLL library injection payload, and also has the ability to modify the web traffic too.
The 2nd variation of Cinobi offers the capability to change the accessed webpages utilizing the web inject function. This second one carries all the ability that the very first one deals, as well as it also has the ability to interact over the Tor proxy with a command-and-control (C&C) server.

Cybersecurity professionals at Trend Micro have recently found a new malicious campaign, through which risk actors can trap or contaminate its victims with its numerous advanced payloads.

Spam emails are utilized with a phishing link that masked as a banking website.
Victims are asked to run a destructive executable downloaded from the linked phishing page that was sent out by means of spam emails.
Risk stars provide the malware through malvertising using a customized exploit.

You can follow us on Linkedin, Twitter, Facebook for everyday Cybersecurity, and hacking news updates.

This harmful, Bottle Exploit Kit (BottleEK) was observed by the security analysts on September 29, 2019; and they spotted that the attackers provided a new complicated banking trojan, known as “Cinobi”, instead of dropping a clean file.

CVE-2018-15982: A Flash Player usage after totally free vulnerability.
CVE-2018-8174: A VBScript remote code execution vulnerability.

The hazard actors have used Cinobi banking trojan in this campaign, and the security scientists have verified that the banking tojan that is utilized in Operation Overtrap has 2 variations.

This brand-new malicious campaign is entitled as “Operation Overtrap,” and experts have asserted that the enemies are using the three-pronged attack in this project. In this project, they are mainly targeting and taking the banking credentials of the users from Japan.

Bottle make use of package.
Cinobi banking trojan.

The analysis report of Trend Micro declares the following attack vectors are used by the assailants to spread the infection:-.

In this campaign to spread and push this “Bottle Exploit Kit”, the risk actors have used a malvertising project which is targeted at users from Japan just.

The attackers used the Bottle Exploit Kit (BottleEK) to deliver the “Cinobi” banking trojan by making use of 2 security defects, and here they are pointed out below:-.

Bottle Exploit Kit.

By following the above-mentioned mitigations an organisation or user might easily avoid the threat stars from making use of any security holes; and secure their networks.

Embrace best security practices to protect themselves and their systems versus such attacks.
IT groups in companies need to have a centralized info gathering system.
Organisations should train their staff members to make them conscious of such threats, and report any suspicious activities.
Organisations should routinely upgrade their systems to avoid the opponents from benefiting from any security holes.
Organisations need to utilize enterprise-level security tools, and firewall softwares.

According to the Trend Micro report, the threat stars uses 3 attack vectors in this project to spread out the following things to steal banking credentials:-.