Since last year, Fidelis Cybersecurity Threat Response observed two man-in-the-browser attacks on South Korean financial institutions that used the Blackmoon banking trojan. An earlier attack last July stole credentials of more than 150,000 Korean users. The attacks also targeted services from a range of websites where people can manage money including banks, wealth management firms and retirement investment services. Blackmoon, also known as KRBanker or Banbra, captures users account name and password when they type them in.”]
Source: https://www.csoonline.com/article/3196742/blackmoon-banking-trojan-returns-with-new-framework.html