Nevada data center used to distribute Dridex, GandCrab malware right under the FBI’s nose

Scammers used data centers located in the United States to launch nasty strains of malware against English-speaking web users, according to Bromium research published Thursday. The hacking campaign lasted from May 2018 to last month, and included five families of banking trojans, two families of ransomware and three forms of malware meant to collect victims’ personal information. The cybercriminal operation relied on U.S. data centers, with 11 web servers hosted at BuyVM, a virtual private server company in Nevada. The malware — identified as Neutrino, IcedID, GandCrab, and Dridex, among others — is estimated to have stolen millions from international banks. The location alone makes this operation unusual, Bromium noted, because hackers typically organize in areas outside the FBI’s reach. “It was interesting to us that the hosting infrastructure is located in the United States and not a jurisdiction that is known to be uncooperative with law enforcement,” the researchers […]

The post Nevada data center used to distribute Dridex, GandCrab malware right under the FBI’s nose appeared first on CyberScoop.

Mapping Out a Malware Distribution Network

More than a dozen US-based web servers were used to host 10 malware families, distributed through mass phishing campaigns. Malware families include Dridex, GandCrab, Neutrino, IcedID and others. Evidence suggests the existence of distinct threat actors…

The Business of Organized Cybercrime: Rising Intergang Collaboration in 2018

In 2018, IBM X-Force researchers observed organized cybercrime groups collaborating, rather than competing over turf or even attacking each other, for the first time.

The post The Business of Organized Cybercrime: Rising Intergang Collaboration in 2018 appeared first on Security Intelligence.

Fake HSBC “Are all above transactions recognisable to you” delivers malware

I haven’t seen Dridex banking trojan hitting the UK in absolutely ages. In fact I can’t remember when I last saw one. This is detected as Dridex by some VirusTotal detections but online sandbox analyses aren’t showing typical Dridex S…

‘CamuBot’ Banking Malware Ups the Trojan Game with Biometric Bypass

CamuBot is a unique malware targeting Brazilian bank customers that attempts to bypass biometric account protections.

Report: Modular ‘Marap’ malware campaign sets the table for bigger hacks

A newly discovered malware campaign that currently conducts simple reconnaissance has the versatility to download additional capabilities onto a victim’s system, according to a report published Thursday by Proofpoint. Researchers say the malware, which is named “Marap” after a detail in its command and control (C&C) server, bears similarity to other campaigns associated with a threat actor known as TA505. Proofpoint says it has observed “millions of messages” in a malicious email campaign earlier this month. Emails tend to have various types of attachments, such as PDF files and Microsoft Word documents, laced with the Marap malware. Some of the phishing documents co-opt the name of a major U.S. bank in their fake communications, Proofpoint says. So far, the researchers say that the only functionality they’ve observed in Marap is to fingerprint systems it infects. The malware gathers basic information — usernames, domain names, IP addresses, country, anti-virus software detected […]

The post Report: Modular ‘Marap’ malware campaign sets the table for bigger hacks appeared first on Cyberscoop.

Q1 2018 Results: Gozi (Ursnif) Takes Larger Piece of the Pie and Distributes IcedID

Gozi took a larger slice of the financial malware pie and became the most active banking Trojan in 2017, according to the IBM X-Force Threat Intelligence Index 2018.

The post Q1 2018 Results: Gozi (Ursnif) Takes Larger Piece of the Pie and Distributes IcedID appeared first on Security Intelligence.