Citadel botnet resurges to storm Japanese PCs
Through investigation and collaboration between our researchers and engineers, we discovered a malicious online banking Trojan campaign targeting users in Japan, with the campaign itself ongoing since early June of this year. We’ve reported about such incidents in the past, including in our Q1 security roundup – and we believe this latest discovery shows that those previous attacks have been expanded and are a part of this particular campaign.
We discovered the online banking Trojan involved in this campaign to be a variant of the Citadel family. Citadel variants are well-known for stealing the online banking credentials of users, directly leading to theft.
We’ve identified at least 9 IP addresses serving as its command and control(C&C) servers, most of them detected to be belonging in the US and Europe. Monitoring these servers, we also discovered that 96% of the connections to these servers are coming from Japan – further proof that the most of the banking trojan infections are coming from that one specific country.