Improved variant of Citadel malware now attacking Japanese banks

Steals information and webmail services credentials.

Security firm Trend Micro Since noted that since early June, cybercriminals have been utilizing a variant of the notorious “Citadel” banking Trojan to target the customers of Japanese banks.

Trend Micro said the IP addresses of the command and control (C&C) servers used in these attacks are located in the USA and Europe. It noted, however, that 96% of the connections to these servers are from Japan.

During a six-day period, experts identified around 20,000 unique IP addresses connecting to the C&C servers. This means that the operation is highly successful in stealing online banking credentials from infected computers.

The targeted financial institutions have already started warning their customers regarding these attacks.