82,000 PCs in Japan, worldwide infected with virus harvesting banking passwords
About 44,000 of the infected PCs are in Japan, whilst the remaining 38,000 are in Asia, North America and Europe. According to a statement from the Metropolitan Police Agency of Japan, the virus steals private information such as passwords while conducting online banking transactions. The money is then remitted to third-party accounts.
Vawtrak was originally spotted in August 2013, that version stole details from several Windows email clients, the more recent have expanded their capabilities to include a wider range of theft, server software company Trend Micro says. Among these capabilities are stealing banking credentials and credit card information.
— PhishLabs (@phishlabs) December 19, 2014
“The increase in banking malware that target banks in Japan can be attributed to the increase in information stealing malware such as TSPY_AIBATOOK that have added capabilities allowing the malware to steal banking credentials,” says Trend Micro.
According to the Japanese police last year 1,876 cases of unauthorized transfers were identified in Japan. The total stolen was estimated at 2.90 billion yen, or $24 million.
For Japan, the police have appealed to hundreds of local providers to contact the users of the infected PCs. Tokyo police and information security firm SecureBrain Corp. have reportedly developed a way to disable the virus successfully on some computers.
Police managed to gain remote-control of one of the server groups that was instructing the infected computers and are now using it to neutralize the terminals from the virus, the Japan News reported.
With regards to the remaining 38,000 infected computers an investigation is underway by the International Criminal Police Organization (INTERPOL).