What is Ghimob Malware?

A new Android malware strain ‘Ghimob’ is mimicking third-party mobile (mainly banking) apps to spy and steal user data when downloaded and installed. This Trojan virus steals data from users, primarily targeting online banking and cryptocurrency. As of the end of 2020, it is believed to siphon data from more than 153 apps by asking […]

The post What is Ghimob Malware? appeared first on Security Intelligence.

Continue reading What is Ghimob Malware?

Alien Mobile Malware Evades Detection, Increases Targets

PhishLabs is monitoring the increasing number of mobile applications targeted by the relatively new Alien Mobile Banking Trojan. Alien, a fork of Cerberus, continues to evade Google’s malware detection and is targeting a broad spectrum of both… Continue reading Alien Mobile Malware Evades Detection, Increases Targets

Ransomware gang Egregor publishes details from HR firm Randstand following hack

A cybercriminal group breached the IT systems of Randstad, one of the largest head-hunting companies in the world, and published some internal corporate data in an apparent extortion attempt, the firm said Thursday. Netherlands-based Randstad pointed the finger at the criminal gang behind Egregor, a nascent type of ransomware that’s struck multiple organizations in recent weeks. The attackers gained access “to our global IT environment and to certain data, in particular related to our operations in the US, Poland, Italy and France,” Randstad said in a press release. “A limited number of servers were impacted.” Randstad, which employed more than 38,000 people last year and reported more than $28 billion in revenue, said it was still identifying what data had been accessed. Law enforcement and third-party investigators are also involved in the matter, the company said. “We believe the incident started with a phishing email that initiated malicious software to […]

The post Ransomware gang Egregor publishes details from HR firm Randstand following hack appeared first on CyberScoop.

Continue reading Ransomware gang Egregor publishes details from HR firm Randstand following hack

Crooks behind Ghimob banking trojan have ambitions far beyond Brazil, researchers say

Cybercriminals have used a new malicious software kit to target banking customers in Brazil, but harbor ambitions far beyond the Latin American country, security researchers said Monday. The data that anti-virus company Kaspersky released shows how an enterprising group of crooks has used Brazil to fine-tune their banking trojan, as the financially-focused malware is called. After successfully infecting numerous victims in Brazil, the campaign has expanded to other Portuguese-speaking countries, from Angola to Mozambique to Portugal. Ghimob, as the newly discovered trojan is known, has a series of features that could make it more effective than previous attempts by Brazilian malware developers to target users abroad, according to the researchers. It is a “full-fledged spy in your pocket” that siphons off data through a number of means, Kaspersky researcher Fabio Assolini and his colleagues wrote in a blog post. It’s a fraudulent app, hosted outside of the Google Play Store, that once installed […]

The post Crooks behind Ghimob banking trojan have ambitions far beyond Brazil, researchers say appeared first on CyberScoop.

Continue reading Crooks behind Ghimob banking trojan have ambitions far beyond Brazil, researchers say

Wroba Mobile Banking Trojan Spreads to the U.S. via Texts

The Roaming Mantis group is targeting the States with a malware that can steal information, harvest financial data and send texts to self-propagate. Continue reading Wroba Mobile Banking Trojan Spreads to the U.S. via Texts

Emotet hackers are using Democratic Party content in email scam

A global spike in the spread of Emotet malware now includes phishing messages geared toward potential Democratic Party volunteers at hundreds of U.S. organizations, according to security researchers. Attackers behind the Emotet hacking tool have referred to current events in their email lures before, but “historically they have not directly leveraged political themes in their messaging,” reports email security company Proofpoint. The body of this particular email is taken directly from a page on the Democratic National Committee’s website, the researchers say, and attached is a malicious Word document titled “Team Blue Take Action.” The thousands of emails sent to U.S. targets came in the same week that interest spiked in the U.S. presidential campaign as President Donald Trump and Democratic challenger Joe Biden met in their first debate. (Trump’s announcement early Friday of a positive coronavirus test probably will not dampen Democrats’ interest in the race.) Proofpoint stresses that despite the political content of […]

The post Emotet hackers are using Democratic Party content in email scam appeared first on CyberScoop.

Continue reading Emotet hackers are using Democratic Party content in email scam

Alien Android Banking Trojan Sidesteps 2FA

A new ‘fork’ of the Cerberus banking trojan, called Alien, targets victims’ credentials from more than 200 mobile apps, including Bank of America and Microsoft Outlook. Continue reading Alien Android Banking Trojan Sidesteps 2FA

A financially-motivated attack group is getting better at using this banking trojan

Threat actors using a common banking trojan are improving the ways they get it on victims’ systems, according to new research from Juniper Networks’ threat research team. In recent months the operators have been working to evade detection by using password protected attachments and keyword obfuscation in their trojanized documents, according to Juniper Threat Labs. And in the last month, the hackers have gone a step further and begun using a malicious DLL file to run a second-stage attack that ultimately delivers IcedID, a banking trojan, says Juniper security researcher Paul Kimayong. “This time, they also use a DLL for the second-stage downloader, which shows a new maturity level of this threat actor,” Kimayong says in a blog on the matter. IcedID, which IBM X-Force researchers discovered in 2017, has been used in a variety of financially-motivated attacks targeting banks, payment card providers, payroll, and e-commerce sites. The attackers have […]

The post A financially-motivated attack group is getting better at using this banking trojan appeared first on CyberScoop.

Continue reading A financially-motivated attack group is getting better at using this banking trojan