

Posted: June 3, 2013

KRBanker is a banking Trojan that steals personal information related to bank accounts, credit cards and related financial institutions, with a high degree of focus on South Korean companies. While KRBanker's attacks are very conventional for a Trojan of its type, that typicality doesn't make KRBanker any less dangerous than any other high-level threat, and KRBanker is easily capable of compromising your financial accounts without showing any signs of its attacks. For South Koreans in particular, the SpywareRemove.com malware research team recommends using updated anti-malware products to protect against KRBanker attacks and remove KRBanker. Naturally, you should also contact your bank and/or credit card provider after the fact to prevent KRBanker's criminal partners from abusing any stolen information.

Korea's Newest Problem: an Invisible Thief Instead of a Disguised One

SpywareRemove.com malware researchers are primarily familiar with South Korean malware attacks from the campaigns of various fake anti-virus scanners, such as CleanBoan, EveryClear and BootCare. However, these scamware campaigns aren't the limit of Korea-targeting malware attacks; recent evidence has been uncovered involving banking Trojans, a specialized type of spyware that is more often found in South America (as in the case of TSPY_BANKER.ZIP).

The banking Trojan of the hour, KRBanker, also includes a range of attacks that aren't directly related to its information-thieving activities. SpywareRemove.com malware analysts have defined some of the most important of KRBanker's functions as noted here:

  • KRBanker attempts to disable various major brands of anti-virus and anti-malware software.
  • KRBanker initiates contact with a C&C (or Command & Control) server that can allow for various backdoor Trojan-style attacks against your PC.
  • KRBanker uses the aforementioned C&C server to download other malicious files and launch them without your consent. These files are encrypted, which may prevent some anti-malware products from identifying them.

While these basic functions represent a potentially dangerous set of consequences for your PC's privacy and security, SpywareRemove.com malware experts note that these attacks aren't even KRBanker's primary purpose. KRBanker's central functions are based on scanning for specific DLL files and certificates that are related to Korean banks, other financial transaction-based companies and security programs. KRBanker automatically steals account login information, such as your account name and password. The 'reverse Robin Hood' style consequences of these attacks are rather obvious.

How to Keep the Latest Trojan Banker from Emptying Your Account

While less famous than high-profile PC threats like the notorious Zeus, KRBanker should be considered an advanced spyware program with extremely invasive attacks that are not to be underestimated. Any PC that may have been compromised by KRBanker should not be used for any online financial activities until you've removed KRBanker and any related malware.

KRBanker doesn't display visible components and will resist all of the normal methods of software uninstallation. To counteract this, SpywareRemove.com malware experts suggest the use of powerful and updated (given KRBanker's recent detection, as of late May 2013) anti-malware products with a solid track record against spyware. After deleting KRBanker, you should also take some steps to protect any financial accounts by changing passwords and any other related information.