Unveiling the latest banking trojan threats in LATAM

This post was made possible through the research contributions of Amir Gendler. In our most recent research in the Latin American (LATAM) region, we at IBM Security Lab have observed a surge in campaigns linked with malicious Chrome extensions. These campaigns primarily target Latin America, with a particular emphasis on its financial institutions. In this […]

The post Unveiling the latest banking trojan threats in LATAM appeared first on Security Intelligence.

Continue reading Unveiling the latest banking trojan threats in LATAM

IBM X-Force Report: Grandoreiro Malware Targets More Than 1,500 Banks in 60 Countries

Find out how Grandoreiro banking trojan campaigns work and the countries targeted, as well as how to mitigate this malware threat. Continue reading IBM X-Force Report: Grandoreiro Malware Targets More Than 1,500 Banks in 60 Countries

BlotchyQuasar: X-Force Hive0129 targeting financial intuitions in LATAM with a custom banking trojan

In late April through May 2023, IBM Security X-Force found several phishing emails leading to packed executable files delivering malware we have named BlotchyQuasar, likely developed by a group X-Force tracks as Hive0129. BlotchyQuasar is hardcoded to collect credentials from multiple Latin American-based banking applications and websites used within public and private environments. Similar operations […]

The post BlotchyQuasar: X-Force Hive0129 targeting financial intuitions in LATAM with a custom banking trojan appeared first on Security Intelligence.

Continue reading BlotchyQuasar: X-Force Hive0129 targeting financial intuitions in LATAM with a custom banking trojan

Kronos Malware Reemerges with Increased Functionality

The Evolution of Kronos Malware The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve and a new variant of Kronos emerged in 2014 and was reportedly sold on the darknet for approximately $7,000. Kronos […]

The post Kronos Malware Reemerges with Increased Functionality appeared first on Security Intelligence.

Continue reading Kronos Malware Reemerges with Increased Functionality

Trickbot Group’s AnchorDNS Backdoor Upgrades to AnchorMail

IBM Security X-Force researchers have discovered a revamped version of the Trickbot Group’s AnchorDNS backdoor being used in recent attacks ending with the deployment of Conti ransomware. The Trickbot Group, which X-Force tracks as ITG23, is a cybercriminal gang known primarily for developing the Trickbot banking Trojan, which was first identified in 2016 and initially […]

The post Trickbot Group’s AnchorDNS Backdoor Upgrades to AnchorMail appeared first on Security Intelligence.

Continue reading Trickbot Group’s AnchorDNS Backdoor Upgrades to AnchorMail

TrickBot Gang Uses Template-Based Metaprogramming in Bazar Malware

Malware authors use various techniques to obfuscate their code and protect against reverse engineering. Techniques such as control flow obfuscation using Obfuscator-LLVM and encryption are often observed in malware samples. This post describes a specific technique that involves what is known as metaprogramming, or more specifically template-based metaprogramming, with a particular focus on its implementation […]

The post TrickBot Gang Uses Template-Based Metaprogramming in Bazar Malware appeared first on Security Intelligence.

Continue reading TrickBot Gang Uses Template-Based Metaprogramming in Bazar Malware

Top-Ranking Banking Trojan Ramnit Out to Steal Payment Card Data

Shopping online is an increasingly popular endeavor, and it has accelerated since the COVID-19 pandemic. Online sales during the 2021 holiday season rose nearly 9% to a record $204.5 billion. Mastercard says that shopping jumped 8.5% this year compared to 2020 and 61.4% compared to pre-pandemic levels. Cyber criminals are not missing this trend. The […]

The post Top-Ranking Banking Trojan Ramnit Out to Steal Payment Card Data appeared first on Security Intelligence.

Continue reading Top-Ranking Banking Trojan Ramnit Out to Steal Payment Card Data

TrickBot Bolsters Layered Defenses to Prevent Injection Research

This post was written with contributions from IBM X-Force’s Limor Kessem and Charlotte Hammond. The cyber crime gang that operates the TrickBot Trojan, as well as other malware and ransomware attacks, has been escalating activity. As part of that escalation, malware injections have been fitted with added protection to keep researchers out and get through […]

The post TrickBot Bolsters Layered Defenses to Prevent Injection Research appeared first on Security Intelligence.

Continue reading TrickBot Bolsters Layered Defenses to Prevent Injection Research

Potent Brazilian banking trojan resurfaces in South America, despite arrests that averted $4M theft

Back in June, police in Spain arrested 16 people accused of being part of a gang laundering stolen money with the Mekotio and Grandoreiro banking trojans. The suspects in that arrest had already swiped more than $320,000, authorities said, but were on the verge of taking about $4 million before their arrests. But that arrest wasn’t the end for the malware. In the last three months, Mekotio malware has been used to actively target victims again, a report published Wednesday by Check Point Research suggests, with more than 100 attacks detected that show new stealth and evasion techniques in Brazil, Chile, Mexico, Spain and Peru. “Although the Spanish Civil Guard announced the arrest of 16 people involved with Mekotio distribution in July 2021, it appears the gang behind the malware is still active,” said Kobi Eisenkraft, the malware research and protection team leader at Check Point. The research, written by […]

The post Potent Brazilian banking trojan resurfaces in South America, despite arrests that averted $4M theft appeared first on CyberScoop.

Continue reading Potent Brazilian banking trojan resurfaces in South America, despite arrests that averted $4M theft

New ZE Loader Targets Online Banking Users

IBM Trusteer closely follows developments in the financial cyber crime arena. Recently, we discovered a new remote overlay malware that is more persistent and more sophisticated than most current-day codes. In this post we will dive into the technical details of the sample we worked on and present ZE Loader’s capabilities and features. The parts […]

The post New ZE Loader Targets Online Banking Users appeared first on Security Intelligence.

Continue reading New ZE Loader Targets Online Banking Users