BankPatch/Multibanker/Patcher/NadeBanker. We will show how this banker circumvents eBanking solutions using a combination of MiTB (Man in The Browser) tricks and manipulating certain JAVA applets. Also, we will show how operations are controlled through a front C&C server and a backend SQL database. The Patcher gang buys "pay per installs" from people related to the Mebroot/Torpig gang. During the past 3 years, they have been performing attacks against Holland, Denmark and Greece. The Botnet consists of approximately 15,000 infected PC's, primarily located in Denmark, Greece and Ireland. This presentation will be divided into the following topics: Patcher malware in detail / How does this group operate / Profiling the group / Anti-virus detection statistics / How we mitigated this attack working with ISP's and Law Enforcment.