BlotchyQuasar: X-Force Hive0129 targeting financial institutions in LATAM with a custom banking trojan

In late April through May 2023, IBM Security X-Force found several phishing emails leading to packed executable files delivering malware we have named BlotchyQuasar, likely developed by a group X-Force tracks as Hive0129. BlotchyQuasar is hardcoded to collect credentials from multiple Latin American-based banking applications and websites used within public and private environments. Similar operations […]

The post BlotchyQuasar: X-Force Hive0129 targeting financial institutions in LATAM with a custom banking trojan appeared first on Security Intelligence.

Kronos Malware Reemerges with Increased Functionality

The Evolution of Kronos Malware

The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve and a new variant of Kronos emerged in 2014 and was reportedly sold on the darknet for approximately $7,000. Kronos […]

The post Kronos Malware Reemerges with Increased Functionality appeared first on Security Intelligence.

Trickbot Group’s AnchorDNS Backdoor Upgrades to AnchorMail

IBM Security X-Force researchers have discovered a revamped version of the Trickbot Group’s AnchorDNS backdoor being used in recent attacks ending with the deployment of Conti ransomware. The Trickbot Group, which X-Force tracks as ITG23, is a cybercriminal gang known primarily for developing the Trickbot banking Trojan, which was first identified in 2016 and initially […]

The post Trickbot Group’s AnchorDNS Backdoor Upgrades to AnchorMail appeared first on Security Intelligence.

TrickBot Gang Uses Template-Based Metaprogramming in Bazar Malware

Malware authors use various techniques to obfuscate their code and protect against reverse engineering. Techniques such as control flow obfuscation using Obfuscator-LLVM and encryption are often observed in malware samples. This post describes a specific technique that involves what is known as metaprogramming, or more specifically template-based metaprogramming, with a particular focus on its implementation […]

The post TrickBot Gang Uses Template-Based Metaprogramming in Bazar Malware appeared first on Security Intelligence.

Top-Ranking Banking Trojan Ramnit Out to Steal Payment Card Data

Shopping online is an increasingly popular endeavor, and it has accelerated since the COVID-19 pandemic. Online sales during the 2021 holiday season rose nearly 9% to a record $204.5 billion. Mastercard says that shopping jumped 8.5% this year compared to 2020 and 61.4% compared to pre-pandemic levels. Cyber criminals are not missing this trend. The […]

The post Top-Ranking Banking Trojan Ramnit Out to Steal Payment Card Data appeared first on Security Intelligence.

TrickBot Bolsters Layered Defenses to Prevent Injection Research

This post was written with contributions from IBM X-Force’s Limor Kessem and Charlotte Hammond. The cyber crime gang that operates the TrickBot Trojan, as well as other malware and ransomware attacks, has been escalating activity. As part of that escalation, malware injections have been fitted with added protection to keep researchers out and get through […]

The post TrickBot Bolsters Layered Defenses to Prevent Injection Research appeared first on Security Intelligence.

Potent Brazilian banking trojan resurfaces in South America, despite arrests that averted $4M theft

Back in June, police in Spain arrested 16 people accused of being part of a gang laundering stolen money with the Mekotio and Grandoreiro banking trojans. The suspects in that arrest had already swiped more than $320,000, authorities said, but were on the verge of taking about $4 million before their arrests. But that arrest wasn’t the end for the malware. In the last three months, Mekotio malware has been used to actively target victims again, a report published Wednesday by Check Point Research suggests, with more than 100 attacks detected that show new stealth and evasion techniques in Brazil, Chile, Mexico, Spain and Peru. “Although the Spanish Civil Guard announced the arrest of 16 people involved with Mekotio distribution in July 2021, it appears the gang behind the malware is still active,” said Kobi Eisenkraft, the malware research and protection team leader at Check Point. The research, written by […]

The post Potent Brazilian banking trojan resurfaces in South America, despite arrests that averted $4M theft appeared first on CyberScoop.

New ZE Loader Targets Online Banking Users

IBM Trusteer closely follows developments in the financial cyber crime arena. Recently, we discovered a new remote overlay malware that is more persistent and more sophisticated than most current-day codes. In this post we will dive into the technical details of the sample we worked on and present ZE Loader’s capabilities and features. The parts […]

The post New ZE Loader Targets Online Banking Users appeared first on Security Intelligence.

What is Ghimob Malware?

A new Android malware strain ‘Ghimob’ is mimicking third-party mobile (mainly banking) apps to spy and steal user data when downloaded and installed. This Trojan virus steals data from users, primarily targeting online banking and cryptocurrency. As of the end of 2020, it is believed to siphon data from more than 153 apps by asking […]

The post What is Ghimob Malware? appeared first on Security Intelligence.

Alien Mobile Malware Evades Detection, Increases Targets

PhishLabs is monitoring the increasing number of mobile applications targeted by the relatively new Alien Mobile Banking Trojan. Alien, a fork of Cerberus, continues to evade Google’s malware detection and is targeting a broad spectrum of both…