
Yanbian Gang


RiskIQ characterizes the Yanbian Gang as a group that has targeted South Korean Android mobile banking customers since 2013 with malicious Android apps purporting to be from major banks, namely Shinhan Savings Bank, Saemaul Geumgo, Shinhan Finance, KB Kookmin Bank, and NH Savings Bank.


Associated Families

There are currently no families associated with this actor.


References
2021-04-07, RiskIQ, Team RiskIQ
Yanbian Gang Malware Continues with Wide-Scale Distribution and C2. https://www.riskiq.com/blog/external-threat-management/yanbian-gang-malware-distribution/ (retrieved 2021-04-19)
Tags: Yanbian Gang
2018-11-26, Trend Micro, Lorin Wu, Ecular Xu
Examining XLoader, FakeSpy, and the Yanbian Gang. https://www.trendmicro.com/en_us/research/18/k/a-look-into-the-connection-between-xloader-and-fakespy-and-their-possible-ties-with-the-yanbian-gang.html (retrieved 2021-04-19)
Tags: FakeSpy, XLoader, Yanbian Gang
2018-06-19, Trend Micro, Ecular Xu
FakeSpy Targets Japanese and Korean-Speaking Users. https://www.trendmicro.com/en_us/research/18/f/fakespy-android-information-stealing-malware-targets-japanese-and-korean-speaking-users.html (retrieved 2021-04-19)
Tags: FakeSpy, Yanbian Gang
2018-04-20, Trend Micro, Trend Micro
XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. https://www.trendmicro.com/en_us/research/18/d/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing.html (retrieved 2021-04-19)
Tags: XLoader, Yanbian Gang
2015-02-12, Trend Micro, Simon Huang
Mobile Malware Gang Steals Millions from South Korean Users. https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-malware-gang-steals-millions-from-south-korean-users/ (retrieved 2021-04-19)
Tags: Yanbian Gang

Credits: MISP Project