Ransomware gang Egregor publishes details from HR firm Randstad following hack

A cybercriminal group breached the IT systems of Randstad, one of the largest head-hunting companies in the world, and published some internal corporate data in an apparent extortion attempt, the firm said Thursday. Netherlands-based Randstad pointed the finger at the criminal gang behind Egregor, a nascent type of ransomware that’s struck multiple organizations in recent weeks. The attackers gained access “to our global IT environment and to certain data, in particular related to our operations in the US, Poland, Italy and France,” Randstad said in a press release. “A limited number of servers were impacted.” Randstad, which employed more than 38,000 people last year and reported more than $28 billion in revenue, said it was still identifying what data had been accessed. Law enforcement and third-party investigators are also involved in the matter, the company said. “We believe the incident started with a phishing email that initiated malicious software to […]

The post Ransomware gang Egregor publishes details from HR firm Randstad following hack appeared first on CyberScoop.

Crooks behind Ghimob banking trojan have ambitions far beyond Brazil, researchers say

Cybercriminals have used a new malicious software kit to target banking customers in Brazil, but harbor ambitions far beyond the Latin American country, security researchers said Monday. The data that anti-virus company Kaspersky released shows how an enterprising group of crooks has used Brazil to fine-tune their banking trojan, as the financially-focused malware is called. After successfully infecting numerous victims in Brazil, the campaign has expanded to other Portuguese-speaking countries, from Angola to Mozambique to Portugal. Ghimob, as the newly discovered trojan is known, has a series of features that could make it more effective than previous attempts by Brazilian malware developers to target users abroad, according to the researchers. It is a “full-fledged spy in your pocket” that siphons off data through a number of means, Kaspersky researcher Fabio Assolini and his colleagues wrote in a blog post. It’s a fraudulent app, hosted outside of the Google Play Store, that once installed […]

The post Crooks behind Ghimob banking trojan have ambitions far beyond Brazil, researchers say appeared first on CyberScoop.

Wroba Mobile Banking Trojan Spreads to the U.S. via Texts

The Roaming Mantis group is targeting the States with a malware that can steal information, harvest financial data and send texts to self-propagate.

Emotet hackers are using Democratic Party content in email scam

A global spike in the spread of Emotet malware now includes phishing messages geared toward potential Democratic Party volunteers at hundreds of U.S. organizations, according to security researchers. Attackers behind the Emotet hacking tool have referred to current events in their email lures before, but “historically they have not directly leveraged political themes in their messaging,” reports email security company Proofpoint. The body of this particular email is taken directly from a page on the Democratic National Committee’s website, the researchers say, and attached is a malicious Word document titled “Team Blue Take Action.” The thousands of emails sent to U.S. targets came in the same week that interest spiked in the U.S. presidential campaign as President Donald Trump and Democratic challenger Joe Biden met in their first debate. (Trump’s announcement early Friday of a positive coronavirus test probably will not dampen Democrats’ interest in the race.) Proofpoint stresses that despite the political content of […]

The post Emotet hackers are using Democratic Party content in email scam appeared first on CyberScoop.

Alien Android Banking Trojan Sidesteps 2FA

A new ‘fork’ of the Cerberus banking trojan, called Alien, targets victims’ credentials from more than 200 mobile apps, including Bank of America and Microsoft Outlook.

A financially-motivated attack group is getting better at using this banking trojan

Threat actors using a common banking trojan are improving the ways they get it on victims’ systems, according to new research from Juniper Networks’ threat research team. In recent months the operators have been working to evade detection by using password protected attachments and keyword obfuscation in their trojanized documents, according to Juniper Threat Labs. And in the last month, the hackers have gone a step further and begun using a malicious DLL file to run a second-stage attack that ultimately delivers IcedID, a banking trojan, says Juniper security researcher Paul Kimayong. “This time, they also use a DLL for the second-stage downloader, which shows a new maturity level of this threat actor,” Kimayong says in a blog on the matter. IcedID, which IBM X-Force researchers discovered in 2017, has been used in a variety of financially-motivated attacks targeting banks, payment card providers, payroll, and e-commerce sites. The attackers have […]

The post A financially-motivated attack group is getting better at using this banking trojan appeared first on CyberScoop.
