VERY IMPORTANT

360 Threat Intelligence Center recently found an attack against South Korean mobile banking users. First activity may back to December 22, 2018, and until this document is finished, attack is still ongoing. Both malware samples and C2 infrastructure are written in Korean. So 360 believes this attack is run by actors from South Korea. The main attack platform for Android, attack target as the bank of Korea APP users, means of attack by fake APP, many South Korean bank in tricking users to install and run under the premise of success, to steal personal information, and remote control mobile user, connected directly with the bank in order to skip the users authentication, thus stealing users' personal property. Up to now, 360Threat Intelligence Center has captured a total of 55 kinds of the same family Android trojans, and the number of wild samples is as high as 118. Through correlation analysis, 360 also found that the black production gang used more than 300 servers for storing user information.