A Trend Micro Research Paper describes an ongoing attack that targets a number of countries worldwide. The attack is designed to bypass a certain two-factor authentication scheme used by banks. Operation Emmental is a complex operation that involves several components in order to defeat a particular online banking protection system used in several countries. The infrastructure required to pull the attack off is not inconsequential—the attackers need a Windows malware binary, a malicious Android app sporting various banks’ logos, a rogue DNS resolver server, a phishing Web server with several fake bank site pages, and a compromised C&C server.
In response, Trend Micro contacted the banks that the cybercriminals behind Operation Emmental attempts to phish so they could take appropriate measures to protect their clients.