Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features

Cybersecurity researchers have disclosed details of two new Android malware families dubbed FvncBot and SeedSnatcher , as another upgraded version of ClayRat has been spotted in the wild. The findings come from Intel 471, CYFIRMA, and Zimperium, respectively. FvncBot, which masquerades as a...

Researchers Expose TA585's MonsterV2 Malware Capabilities and Attack Chain

Cybersecurity researchers have shed light on a previously undocumented threat actor called TA585 that has been observed delivering an off-the-shelf malware called MonsterV2 via phishing campaigns. The Proofpoint Threat Research Team described the threat activity cluster as sophisticated, leveragi...

New JavaScript Malware Targeted 50,000+ Users at Dozens of Banks Worldwide

A new piece of JavaScript malware has been observed attempting to steal users' online banking account credentials as part of a campaign that has targeted more than 40 financial institutions across the world. The activity cluster, which employs JavaScript web injections, is estimated to have led t...

FakeSG enters the 'FakeUpdates' arena to deliver NetSupport RAT

Over 5 years ago, we began tracking a new campaign that we called FakeUpdates also known as SocGholish that used compromised websites to trick users into running a fake browser update. Instead, victims would end up infecting their computers with the NetSupport RAT, allowing threat actors to gain...

New Malware Campaign Leveraging Satacom Downloader to Steal Cryptocurrency

A recent malware campaign has been found to leverage Satacom downloader as a conduit to deploy stealthy malware capable of siphoning cryptocurrency using a rogue extension for Chromium-based browsers. "The main purpose of the malware that is dropped by the Satacom downloader is to steal BTC from...

TrickBot Malware Using New Techniques to Evade Web Injection Attacks

The cybercrime operators behind the notorious TrickBot malware have once again upped the ante by fine-tuning its techniques by adding multiple layers of defense to slip past antimalware products. "As part of that escalation, malware injections have been fitted with added protection to keep...

Silent Night Banking Trojan Charges Top Dollar on the Underground

A descendant of the infamous Zeus banking trojan, dubbed Silent Night by the malware’s author, has emerged on the scene, with a host of functionalities available in a spendy malware-as-a-service MaaS model. Custom builds can run as much as $4,000 per month to use, which researchers say is now...

Popular Video Editing Software Website Hacked to Spread Banking Trojan

If you have downloaded the VSDC multimedia editing software between late February to late March this year, there are high chances that your computer has been infected with a banking trojan and an information stealer. The official website of the VSDC software — one of the most popular, free video...

Ursnif Trojan Adopts New Code Injection Technique

Hackers are testing a new variation of the Ursnif Trojan aimed at Australian bank customers that utilizes novel code injection techniques. Since the summer of 2017, IBM X-Force researchers report that Ursnif or Gozi samples have been tested in wild by a new malware developer. The samples are a...

Modified Versions of Nukebot in Wild Since Source Code Leak

Some opportunistic criminals have put the leaked source code for the Nukebot banking Trojan to use, targeting banks in the United States and France with variants of the malware, while another group has adapted it to steal mail client and browser passwords. The leak was disclosed in early March wh...

The NukeBot banking Trojan: from rough drafts to real threats

This spring, the author of the NukeBot banking Trojan published the source code of his creation. He most probably did so to restore his reputation on a number of hacker forums: earlier, he had been promoting his development so aggressively and behaving so erratically that he was eventually...

Neverquest Trojan Gets Big Summer Update

The once prolific banking Trojan Neverquest received a major code revamp over the summer and is now armed with modifications that can more adeptly hijack a victim’s PC, inject code into webpages and steal credentials. The update represents a significant enough change to the malware that researche...

Bank Trojans Nymaim, Gozi Merge Create GozNym

Two powerful Trojans, Nymaim and Gozi ISFB, have been combined to create a “double-headed beast” called GozNym. The Trojan has managed to steal $4 million since it was first discovered just two weeks ago, according to IBM X-Force Research. It reports the hybrid Trojan is currently engaged in an...

Gameover ZeuS Trojan Targets Users of Monster.com Employment Portal

Zeus Trojan is one of the most popular families of Banking Trojan, which was also used in a targeted malware campaign against a Salesforce.com customer at the end of the last month and researchers found that the new variant of Zeus Trojan has web crawling capabilities that are used to grab...