The crooks behind the recent campaign may be from China
http://i1-news.softpedia-static.com/images/fitted/340x180/blackmoon-banking-trojan-infected-over-160-000-south-koreans.png
Jul 22, 2016 00:00 GMT · By Catalin Cimpanu Over 100,000 South Koreans had their banking credentials stolen by crooks who leveraged the BlackMoon banking trojan, also detected as W32/Banbra, Fortinet researchers reveal.
The security vendor initially identified the campaign in April, when it also managed to discover an open-access directory belonging to one of the BlackMoon C&C servers.
Inside, security researchers found logs and data that revealed details about infected victims. The numbers showed 110,130 victims worldwide and 108,850 in South Korea. Bear in mind that BlackMoon uses different C&C servers, so the total numbers are probably higher.
Full Article