MyWife.cc Website Compromised by Malware Which Steals Banking Details
The Japanese pornographic website MyWife.cc was among those compromised by criminals behind the Aitabook malware campaign. Screengrab

Visitors to some of Japan's most popular pornographic websites are being served malware which silent infects their computers before stealing personal and banking information users submit to other websites.

According to research from security firm Eset, the criminals behind the malware, called Aibatook, have compromised a number of the most popular pornographic websites in Japan meaning that when people visit these sites using Windows PCs, their systems could be infected.

Upon visiting compromised sites users can be redirected to an exploit page that attempts to take advantage of a Java vulnerability - one which was fixed in June 2013, but which many users have still not patched. If a vulnerable computer is identified, a 404 error page is displayed to hide the fact that the PC is silently running a malicious Java applet.

Eset says it has identified four Japanese porn websites which have been compromised (sokuhabo.net, www.uravidata.com, ppv.xxxurabi.com and mywife.cc) but it believes that others are also at risk.

Once installed on your system, the piece of malware sits there silently on your system until you open Internet Explorer (Japan's most popular internet browser) and visit online banking websites including those of Japan Post and the SBI Sumishin Net Bank.

The Aibatook malware then cunningly injects fraudulent forms onto the page to collect confidential login information. The stolen data is then sent back to the criminals via a Command and Control server.

The researchers have also discovered that in April a new feature was added to the malware which allows the people controlling it to monitor information inputted to a much wider range of websites using a technique commonly known as form-grabbing.

Form-grabbing consists of "constantly monitoring HTML input fields in webpages browsed by the user. In case these input fields match certain conditions, their filled values will then be exfiltrated."

So far Eset has identified 87 websites which have been compromised using this technique.

The malware has been refined over recent months Eset's researchers say, and it could be ready to be spread much wider:

"Based on our observations during this investigation, Aibatook has been constantly developed over the past few months. We believe that this malware family is now ready for take-off, and we expect its authors to spread it more broadly in the near future."

The Aibatook malware shows once again the importance of keeping your computers up to date with the latest software:

"The key message here is for people to understand of patching their computer operating system and applications regularly," said Joan Calvet, security researcher for ESET. "Software providers continue to simplify the patching process, but it is vital we all install patches from our software providers in a timely way to secure against these types of threats. To put these guys out of business, we all need to be good net citizens."