Initial Disclosure Date: July 17, 2014

On July 16, 2014, a Japanese security firm based in Tokyo, SecureBrain Corporation, revealed about updated VAWTRAK or Papras malware which targets 20 Japanese credit card companies. If a user accesses the Internet banking website of those targeted companies with an infected PC, a man-in-the-browser (MITB) attack is launched to insert short codes including script tags in order to change the contents and steal information.

Once a user inputs his or her ID and password in the fake Internet banking website, the information is forwarded to the adversary’s server. The input prompts another window which demands the victim to type his or her credit card number, expiration date, and security code. However, no credit card company requires users to input all of the information in one window. The user should stop typing his or her information immediately and needs to change the ID and password as soon as possible because the information was already sent to the adversary.

The 20 credit card companies are:

• Aeon Card
• Idemitsu Card
• NTT Group Card
• Epos Card
• OMC Card
• Orico Card
• JCB Card
• JP BANK Card
• Saison Card
• TS CUBIC Card
• DCMX
• Nissan Card
• Pocket Card
• Honda C Card
• Sumitomo Mitsui VISA Card
• Mitsubishi UFJ NICOS
• UCS Card
• Life Card
• Rakuten Card
• Resona Card

Sources:

1. SecureBrain, “SecureBrain ga kokunai 20 no kado geisha wo nerau uirusu ni taishite chui kanki [SecureBrain’s warning about malware which targets 20 Japanese credit card companies],” July 16, 2014,
   http://www.securebrain.co.jp/about/news/2014/07/card-mitb.html

* Each company name, an organization name, and a brand name are a trade name of each company and each organization, or a registered trademark.