Threat Roundup for October 7 to October 14

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 7 and Oct. 14. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

Threat Roundup for July 20-27

Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between July 20 and 27. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed by...

ThreatList: 6-Year-Old Dorkbot Banking Malware Resurfaces as Big Threat

The banking malware called Dorkbot is back. Samples of the 6-year-old malware are now ranked the second biggest banking malware headache in 2018 so far, according to new data from Check Point. “Dorkbot, known malware that dates back to 2012, has entered back the top ranks, starring in the APAC as...

Threat Round Up for Feb 2 - Feb 9

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between February 2 and February 9. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...

Malware exploit: Tinba

Wikipedia Type: SQLi \tinybanker panel\admin/control/logs.act.php http://localhost/logs.act.php Post Data: botuid=1&botcomment=mate POST...

FLARE Script Series: flare-dbg Plug-ins

Introduction This post continues the FireEye Labs Advanced Reverse Engineering FLARE script series. In this post, we continue to discuss the flare-dbg project. If you haven’t read my first post on using flare-dbg to automate string decoding, be sure to check it out! We created the flare-dbg Pytho...

Tinba Variant Spotted Targeting Russian, Japanese Banks

Cybercriminals behind the Tinba banking Trojan have been homing in on some of the larger banks in Russia and Japan, experts claim. According to researchers with Dell SecureWorks, who looked at an instance of the malware last month, configuration files in one variant are targeting one of the...

'Tinba' Banking Malware Source Code Leaked Online

The source code for the smallest but sophisticated banking Trojan Tinba has been leaked through an online post in an underground forum, which make it available for anyone who knows where to look for free malware generation tools. The files posted on the closed russian underground forum turned out...

Tinba Banker Trojan Source Code Posted

The source code for Tinba, known as the smallest banker Trojan in circulation, has been posted on an underground forum. Researchers say that the files turned out to be the source code for version one of Tinba, which was identified in 2012, and is the original, privately sold version of the...

Tiny New Tinba Banker Trojan Found Stealing Financial Data

Security researchers have discovered a tiny new banking Trojan that comprises just 20 KB of code and uses a number of well-word man-in-the-browser tricks in an attempt to defeat two-factor authentication. Known as Tinba, the new malware doesn’t bother with any encryption or packing and yet is...