Home / malware Infostealer.Boyapki.C
First posted on 09 July 2015.
Source: SymantecAliases :
There are no other names known for Infostealer.Boyapki.C.
Explanation :
Once executed, the Trojan may connect to the following remote locations:
http://www.get-ip.me/[http://]user.qzone.qq.com/5139[REMOVED][http://]user.qzone.qq.com/31318[REMOVED]
The Trojan then checks the browsing history on the compromised computer for access to the websites of the following banks:
KBstarWoori BankShinhan BankIBKNonghyup BankKNBankBusan BankHana BankJeonbuk BankKorea Exchange BankKFCC
Next, the Trojan creates the following browser shortcut files:
%SystemDrive%\Documents and Settings\All Users\Desktop\Internet Explorer.lnk%SystemDrive%\Documents and Settings\All Users\Desktop\Google Chrome.lnk
If the browser shortcuts are clicked, the user may be sent to a phishing website.Last update 09 July 2015