Home Malware Programs Trojans KRBanker

KRBanker

Posted: June 3, 2013

KRBanker is a banking Trojan that steals personal information that's related to bank accounts, credit cards and related financial institutions, with a high degree of focus on South Korean companies. While KRBanker's attacks are very conventional for a Trojan of its type, that typicality doesn't make KRBanker any less dangerous than any other high-level threat, and KRBanker is easily capable of compromising your financial accounts without giving away any signals of its attacks. For South Koreans in particular, SpywareRemove.com malware research team recommends using updated anti-malware products to protect against KRBanker attacks and remove KRBanker. Naturally, you also should communicate with your bank and/or credit card provider after the fact to prevent KRBanker's criminal partners from abusing any stolen information.

Korea's Newest Problem: an Invisible Thief Instead of a Disguised One

SpywareRemove.com malware researchers primarily are familiar with South Korean malware attacks from the campaigns of various fake anti-virus scanners, such as CleanBoan, EveryClear and BootCare. However, these scamware campaigns aren't the limit of Korea-targeting malware attacks; recent evidence has been uncovered involving banking Trojans – a specialized type of spyware that more often is found in South America (as in the case of TSPY_BANKER.ZIP).

The banking Trojan of the hour, KRBanker, also includes a range of attacks that aren't directly related to its information-thieving activities. SpywareRemove.com malware analysts have defined some of the most important of KRBanker's functions as noted here:

  • KRBanker attempts to disable various major brands of anti-virus and anti-malware software.
  • KRBanker initiates contact with a C&C (or Command & Control) server that can allow for various backdoor Trojan-style attacks against your PC.
  • KRBanker uses the aforementioned C&C server to download other malicious files and launch them without your consent. These files are encrypted, which may prevent some anti-malware products from identifying them.

While these basic functions represent a potentially dangerous set of consequences for your PC's privacy and security, SpywareRemove.com malware experts note that these attacks aren't even KRBanker's primary purpose. KRBanker's central functions are based on scanning for specific DLL files and certificates that are related to Korean banks, other financial transaction-based companies and security programs. KRBanker automatically steals account login information, such as your account name and password. The 'reverse Robin Hood' style consequences of these attacks are rather obvious.

How to Keep the Latest Trojan Banker from Emptying Your Account

While less famous than high-profile PC threats like the notorious Zeus, KRBanker should be considered an advanced spyware program with extremely invasive attacks that are not to be underestimated. Any PCs that may have been compromised by KRBanker should be refrained from being used for any online financial activities until you've removed KRBanker and any related malware.

KRBanker doesn't display visible components and will resist all of the normal methods of software uninstallation. To counteract this, SpywareRemove.com malware experts suggest the use of powerful and updated (given KRBanker's recent detection – as of late May 2013) anti-malware products with a solid track record against spyware. After deleting KRBanker, you also should take some steps to protect any financial accounts by changing passwords and any other related information.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to KRBanker may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.