Blackmoon Banking Trojan Uses Three-tiered Malware Delivery Technique

Banking Trojans have often been a favorite tool among criminals looking for financial gain. Blackmoon is one of the most recent banking Trojans making the rounds, yet it has caused quite a lot of confusion. Up until a few days ago, security experts were unsure how the malware spreads itself. It appears that the mystery has finally been solved, although that doesn’t mean Blackmoon becomes less of a threat.

Blackmoon Banking Trojan Is a Big Problem

Dealing with new types of malware is annoying enough, but not knowing how it is distributed is one of the worst possible scenarios. This was the case for the Blackmoon banking Trojan, although security researchers have finally uncovered how the malware is distributed. It appears a new framework is being used to infect victims all over the world.

Blackmoon, also known as KRBanker, is designed to steal user credentials for online banking portals. Interestingly enough, this malware has been around since 2014 and has undergone several iterations and improvements over the past few years. The latest update comes in the form of this new framework for infecting new victims. It is worrisome to learn such a banking Trojan can be around for nearly three years without being shut down, though.

This new framework to infect potential victims uses a three-tiered approach. It is something security researchers have not come across before, which is a very troublesome development. Moreover, it goes to show the Blackmoon developers have put a lot of thought into this new approach, rather than rehashing something a different developer came up with.

Three separate downloader pieces work together to determine the next potential victim for Blackmoon. Once the Trojan is installed, it will start looking for login credentials to popular financial services. This includes the likes of Samsung Pay, as well, which means mobile payment solutions have now become a prominent target for criminals. Other – mainly South Korean – financial solutions are targeted as well by this banking Trojan.

The first part of the malware downloader is sent through phishing campaigns or exploit kits. In this file is a hard-coded URL requesting additional bytecode to be downloaded. It is unclear where this code is stored, as the developers obfuscate this location. Once the bytecode is downloaded and executed, it will look for the next part to download. A sequential series of events to install a banking Trojan is quite the novelty and may prove very difficult to shut down.

It is also interesting to note Blackmoon will determine whether or not the infected device runs in the Korean language. If that is not the case, the Blackmoon banking Trojan will go dormant. An interesting turn of events, to say the least. For now, the goal is to try and break any obfuscation efforts made by these three downloaded files. That will prove to be quite challenging, though. Rest assured Blackmoon will not go away anytime soon.
