TrickBot Malware Using New Techniques to Evade Web Injection Attacks
The cybercrime operators behind the notorious TrickBot malware have once again upped the ante by fine-tuning its techniques by adding multiple layers of defense to slip past antimalware products. "As part of that escalation, malware injections have been fitted with added protection to keep...
Trickbot module descriptions
Trickbot, aka TrickLoader or Trickster, is a successor of the Dyre banking Trojan that was active from 2014 to 2016 and performed man-in-the-browser attacks in order to steal banking credentials. Trickbot was first discovered in October 2016. Just like Dyre, its main functionality was initially th...
IcedID Banker is Back, Adding Steganography, COVID-19 Theme
A new version of the IcedID banking trojan has debuted that notably embraces steganography – the practice of hiding code within images – in order to stealthily infect victims. It has also changed up its process for eavesdropping on victims’ web activity. Researchers at Juniper Threat Labs have...
Oski Data-Stealing Malware Emerges to Target North America, China
An emergent and effective data-harvesting tool dubbed Oski is proliferating in North America and China, stealing online account credentials, credit-card numbers, cryptowallet accounts and more. Oski, likely a Finnish or Nordic variant of the word Oska, meaning “Viking warrior or god” in Samoan,...
Perverse Vulnerability from Interaction between 2-Factor Authentication and iOS AutoFill
Apple is rolling out an iOS security usability feature called Security code AutoFill. The basic idea is that the OS scans incoming SMS messages for security codes and suggests them in AutoFill, so that people can use them without having to memorize or type them. Sounds like a really good idea, bu...
Threat Round Up for Dec 01 - Dec 08
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between December 01 and December 08. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...
Spam Domains Imitating Popular Banks Spreading Trickbot Banking Trojan
Santander Bank customers should be aware of an effective spam campaign spreading the Trickbot banking Trojan that is coming from domains similar to those used by the financial institution. Researchers at My Online Security and the SANS Institute’s Internet Storm Center say that Santander is not t...
NukeBot Banking Trojan Source Code Leaked Online by Author
The author behind NukeBot, a modular banking Trojan, released source code for the malware earlier this month in an apparent effort to regain the trust of the cybercrime community. Gosya, NukeBot’s creator, posted a GitHub link to the malware, calling it a “zeus-like banking trojan,” on several...
Windows Atom Tables Can Be Abused for Code Injection Attacks
Researchers have identified a way attackers could use atom tables in all versions of Windows to inject malicious code into a computer and bypass detection by security products at the same time. The technique has been nicknamed AtomBombing by researchers at enSilo, and opens the door to perform...
Luuuk Bank Fraud Campaign Nets €500K in One Week
A fraud campaign siphoned more than half a million dollars from a European bank over the course of a week earlier this year, researchers with Kaspersky Lab announced this week. The campaign, dubbed Luuuk, extracted €500,000 (roughly $679,700 USD) from 190 victims, mostly in Italy and Turkey, from...
Gameover ZeuS Trojan Targets Users of Monster.com Employment Portal
Zeus Trojan is one of the most popular families of Banking Trojan, which was also used in a targeted malware campaign against a Salesforce.com customer at the end of the last month and researchers found that the new variant of Zeus Trojan has web crawling capabilities that are used to grab...
iOS apps vulnerable to HTTP Request Hijacking attacks over WiFi
Security researchers Adi Sharabani and Yair Amit have disclosed details about a widespread vulnerability in iOS apps, that could allow hackers to force the apps to send and receive data from the hackers' own servers rather than the legitimate ones they were coded to connect to. Speaking about the...
Dutch Police arrested TorRAT Malware Gang for stealing over Million Dollar
The TorRAT malware first appeared in 2012 as a spying tool only. But from August 2012, a Bitcoin mining feature was added and it became a powerful hacking tool that was commonly associated with attacks on financial institutions. This year TorRAT malware targeted two out of three major banks in...
CareerBuilder man in the browser attack
No one can say that hackers don’t have a sense of irony. In search of money mules, attackers behind a variant of the Zeus Trojan have configured the malware to activate when users visit careerbuilder.com with code that redirects victims to an advertisement for a mule-recruitment website...
Citadel Banking Malware Targets Payza Payment Service
A new variant of Citadel malware is making the rounds that is targeting Payza, a money transfer service popular all over the world, especially in developing nations that are under-serviced when it comes to accessing the Internet. The payment processing company bills itself as “your money’s gatewa...
UK banks hit by Ramnit banking malware and social engineering attacks
A dangerous variant of the Ramnit malware has been discovered targeting the UK's financial sector. Trusteer claims to have discovered an interesting trojan based attack technique that injects highly convincing and interactive real-time messages into the user Web stream that they encounter when...
Ramnit Man-in-the-Browser Attack Targets UK Banks
Nowhere is the cat-and-mouse game between attackers and the security of users more evident than with social engineering schemes. Users’ awareness of phishing campaigns, for example, may be improving, but that’s just forcing attackers bent on identity theft and stealing payment card information to...
Twitter Malware spotted in the wild stealing banking credentials
Trusteer researcher Tanya Shafir has recently identified an active configuration of TorRAT targeting Twitter users. Other than spreading ideas on the most popular social networks, now cyber criminals are spreading malware. The malware launches a Man-in-the-Browser (MitB) attack through the browser ...
Trusteer Discovers New Twitter Malware Targeting the Dutch
As Twitter continues to secure its footing in the social network spectrum, it continues to be complemented by an ongoing deluge of spam and malware, intent on tapping into – and duping – the social network’s 200 million plus users. Tanya Shafir, a researcher at the security firm Trusteer recently...