Citadel malware active on 20,000 PCs in Japan, says Trend Micro

The malware, which steals financial and login info, is actively sending data to servers in the U.S. and Europe

Citadel malware is installed on over 20,000 PCs in Japan and actively sending financial information it harvests to servers abroad, according to security software vendor Trend Micro.

Tokyo-based Trend Micro said that for six days last week it monitored remote servers in the U.S. and Europe that collect data gathered by Japanese versions of the malware. On some days there were nearly 230,000 connections made from 20,000 infected computers.

The malware has been designed specifically to target domestic users, collecting financial details corresponding to six Japanese financial institutions as well as popular services such as e-mail from Google, Yahoo and Microsoft.

"Damage from this tool for online banking fraud is still continuing today," Trend Micro said in a Japanese security blog.

The security firm said it detected IP addresses from at least nine remote servers that are being contacted regularly by copies of Citadel on infected computers. It said over 96 percent of the contact comes from PCs in Japan.

Citadel is malware that can modify or replace websites opened on the computers it infects. It then collects log-in details and other private information and sends them to remote servers. Some varieties also block access to anti-virus sites to prevent users from cleaning their computers.

The software allows malicious users to create networks, or botnets, of infected PCs that harvest details and send them to remote servers. It can be customized to mimic specific sites in different countries.

Last month Microsoft and the U.S. Federal Bureau of Investigation worked together to disrupt 1,400 Citadel botnets that the company said were responsible for over half a billion dollars in financial losses worldwide.

The action disrupted many existing Citadel botnets, but anyone with a builder application can create customized versions and launch an operation of their own.

Highly customized versions of the malware, with detailed content localization and advanced techniques to corrupt browser software, have also popped up across Europe since the Microsoft action.

Jay Alabaster

IDG News Service