Operation Overtrap – Hackers Attack Online Banking Users Via Bottle Exploit Kit & Banking Malware


Cybersecurity researchers at Trend Micro have recently uncovered a new malicious campaign in which the threat actors infect their victims with several advanced payloads.

The campaign, named "Operation Overtrap", has been active since April 2019 and exclusively targets Japanese users in order to steal their online banking credentials. The researchers state that the attackers use a three-pronged attack in this campaign.

Bottle Exploit Kit

To distribute the Bottle Exploit Kit (BottleEK), the threat actors run a malvertising campaign aimed only at users in Japan. The exploit kit was first observed by the researchers on September 29, 2019, and they determined that, instead of dropping a clean file, it delivered a new and complex banking trojan known as "Cinobi".

The attackers used BottleEK to deliver the Cinobi banking trojan by exploiting two security flaws:

CVE-2018-15982: A Flash Player use-after-free vulnerability.
CVE-2018-8174: A VBScript remote code execution vulnerability.

According to the Trend Micro report, the threat actors use three attack vectors in this campaign to spread the following components and steal banking credentials:

Bottle exploit kit.
Cinobi banking trojan.

Attack Vectors Used

The Trend Micro analysis report states that the attackers use the following attack vectors to spread the infection:

Spam emails carrying a phishing link disguised as a banking site.
Victims are asked to run a malicious executable downloaded from the phishing page linked in the spam emails.
The threat actors deliver the malware through malvertising using a custom exploit kit.

Cinobi Banking Trojan

The threat actors used the Cinobi banking trojan in this campaign, and the researchers confirmed that the banking trojan used in Operation Overtrap exists in two versions:

The first version of Cinobi delivers a DLL injection payload and is also able to modify web traffic.
The second version of Cinobi can modify the web pages the victim visits using a web-inject function. It carries every capability of the first version and, in addition, can communicate with a command-and-control (C&C) server over a Tor proxy.

A variety of attack vectors are used by the attackers in Operation Overtrap to steal banking credentials. That is why the experts at Trend Micro have strongly advised users and organisations to:

Adopt security best practices to protect themselves and their systems against such attacks.
IT teams in companies should have a centralized information and event collection system.
Organisations should train their employees to make them aware of such threats and to report any suspicious activity.
Organisations should regularly update their systems to prevent attackers from exploiting any security holes.
Organisations should use enterprise-level security tools and firewalls.

By following the above mitigations, an organisation or user can quickly prevent the threat actors from exploiting any security holes and protect their networks.

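The advice to keep systems updated is only actionable if you can tell which hosts still run a Flash Player build older than the one that fixed CVE-2018-15982. The script below is an added example, not code from the article or from Trend Micro: it audits a constructed software inventory against that fix version. The fix version 32.0.0.101 is taken from Adobe's advisory for the CVE (APSB18-42), not from the article, and should be treated as an assumption to verify against your own patch data; the host names and version strings are made up. It compares versions numerically, because a plain string comparison would rank 9.0.280.0 as newer than 32.0.0.101 and silently miss old builds.

```python
"""Flag hosts whose Flash Player build predates the fix for CVE-2018-15982.

Added illustration, not Trend Micro's or the article's tooling.
The inventory below is constructed; the fix version is an assumption
taken from Adobe's advisory for this CVE (APSB18-42).
"""
from typing import Dict, List, Tuple

# Assumption: first Flash Player build patched for CVE-2018-15982.
FLASH_FIXED_IN = "32.0.0.101"

# Constructed sample inventory: hostname -> installed Flash version string.
SAMPLE_INVENTORY: Dict[str, str] = {
    "jp-ws-0101": "31.0.0.153",  # last vulnerable build
    "jp-ws-0102": "32.0.0.101",  # exactly the fixed build
    "jp-ws-0103": "9.0.280.0",   # ancient build; string compare would call it "newer"
    "jp-ws-0104": "32.0.0.207",  # later, fixed build
    "jp-ws-0105": "",            # not installed or inventory gap
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn "32.0.0.101" into (32, 0, 0, 101); raise ValueError on junk."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted version: {text!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(installed: str, fixed_in: str = FLASH_FIXED_IN) -> bool:
    """True when the installed build is numerically older than the fix."""
    return parse_version(installed) < parse_version(fixed_in)


def audit(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Bucket every host as vulnerable, patched, or unknown (unparseable)."""
    report: Dict[str, List[str]] = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        try:
            bucket = "vulnerable" if is_vulnerable(version) else "patched"
        except ValueError:
            # An empty or malformed entry is a finding in itself: verify it by hand.
            bucket = "unknown"
        report[bucket].append(host)
    return report


if __name__ == "__main__":
    for bucket, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts that land in the "unknown" bucket deserve a manual check rather than being treated as safe; an inventory gap on a user workstation is exactly where an unpatched plugin tends to hide.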