9 matches found
Spammers Revive Hancitor Downloader Campaigns
A recent lull in the distribution of spam spreading information-stealing malware via the Hancitor downloader has been snapped. Researchers at the SANS Internet Storm Center are currently tracking an increase in spam purporting to be a forwarded parking ticket notification. The message prompts the...
TrickBot Banking Trojan Adds New Browser Manipulation Tools
The TrickBot banking Trojan, a close relative to Dyre, has a growing target list and new browser manipulation techniques, experts at IBM X-Force said. “We expect to see it amplify infection campaigns and fraud attacks, sharpen its aim on business and corporate accounts,” wrote Limor Kessem,...
Neverquest Trojan Gets Big Summer Update
The once prolific banking Trojan Neverquest received a major code revamp over the summer and is now armed with modifications that can more adeptly hijack a victim’s PC, inject code into webpages and steal credentials. The update represents a significant enough change to the malware that researche...
Hancitor Malware Shifts Infection Strategies
Researchers said a new variant of the Hancitor downloader has shifted tactics and adopted new dropper strategies and obfuscation techniques on infected PCs. Researchers at Palo Alto Networks are currently tracking the biggest push of the Hancitor family of malware since June that it says has...
Vawtrak Trojan Adds DGA, SSL Pinning
Attackers behind the Vawtrak banking Trojan have been keeping busy, updating the malware over the last few weeks with new a domain generation algorithm DGA and SSL pinning capabilities. Research published by security firm Fidelis on Tuesday explains the updates and breaks down how Vawtrak’s DGA...
Two New Strains of POS Malware, Cherry Picker, Abaddon, Surface
Point of sale malware has gotten more sophisticated as we inch closer to the two-year anniversary of the Target data breach. Now, two weeks from the biggest shopping day of the year, two new and different strains of point of sale malware have come to light, including one that’s gone largely...
Banking Malware Vawtrak Seen Using Tor2Web
Developers behind the banking Trojan Vawtrak have begun obscuring some of their servers with Tor2Web, a move that’s added another degree of difficulty when it comes to uncovering their activity. To this point the malware’s techniques – its evolution beyond banking websites, ability to break...
Dangerous 'Vawtrak Banking Trojan' Harvesting Passwords Worldwide
Security researcher has discovered some new features in the most dangerous Vawtrak, aka Neverquest, malware that allow it to send and receive data through encrypted favicons distributed over the secured Tor network. The researcher, Jakub Kroustek from AVG anti-virus firm, has provided an in-depth...
Like a Nesting Doll, Vawtrak Malware Has Many Layers
Researchers have peeled back more layers on Vawtrak, a relatively new banking Trojan so complex that those who have taken it apart have likened it to a Matryoshka, or Russian nesting doll. Virus Bulletin published a deep dive on the malware penned by Raul Alvarez, a researcher with Fortinet,...