It’s common to find all sorts of malware lurking under what seem to be harmless apps on the official Google Play store. Unfortunately, even if the platform is policed carefully, moderators can’t always catch these apps before they’re posted. One of the most popular variations of this kind of malware is Trojan subscribers, which sign up for paid services without the user’s … [Read more...] about The Harly Trojan subscriber in Google Play apps
Trojan
New features of the Trickbot Trojan
Exactly five years ago, in October 2016, our solutions first encountered a Trojan named Trickbot (aka TrickLoader or Trickster). Found mostly on home computers back then, its primary task was to steal login credentials for online banking services. In recent years, however, its creators have actively transformed the banking Trojan into a multifunctional modular tool. What’s … [Read more...] about New features of the Trickbot Trojan
Beware! This Android Trojan Stole Millions of Dollars from Over 10 Million Users
A newly discovered "aggressive" mobile campaign has infected north of 10 million users from over 70 countries via seemingly innocuous Android apps that subscribe the individuals to premium services costing €36 (~$42) per month without their knowledge. Zimperium zLabs dubbed the malicious trojan "GriftHorse." The money-making scheme is believed to have been under active … [Read more...] about Beware! This Android Trojan Stole Millions of Dollars from Over 10 Million Users
Malicious Ads Target Cryptocurrency Users With Cinobi Banking Trojan
A new social engineering-based malvertising campaign targeting Japan has been found to deliver a malicious application that deploys a banking trojan on compromised Windows machines to steal credentials associated with cryptocurrency accounts. The application masquerades as an animated porn game, a reward points application, or a video streaming application, Trend Micro … [Read more...] about Malicious Ads Target Cryptocurrency Users With Cinobi Banking Trojan
APT Hackers Distributed Android Trojan via Syrian e-Government Portal
An advanced persistent threat (APT) actor has been tracked in a new campaign deploying Android malware via the Syrian e-Government Web Portal, indicating an upgraded arsenal designed to compromise victims. "To the best of our knowledge, this is the first time that the group has been publicly observed using malicious Android applications as part of its attacks," Trend Micro … [Read more...] about APT Hackers Distributed Android Trojan via Syrian e-Government Portal
16 Cybercriminals Behind Mekotio and Grandoreiro Banking Trojan Arrested in Spain
Spanish law enforcement agencies on Wednesday arrested 16 individuals belonging to a criminal network in connection with operating two banking trojans as part of a social engineering campaign targeting financial institutions in Europe. The arrests were made in Ribeira (A Coruña), Madrid, Parla and Móstoles (Madrid), Seseña (Toledo), Villafranca de los barros (Badajoz), and … [Read more...] about 16 Cybercriminals Behind Mekotio and Grandoreiro Banking Trojan Arrested in Spain
Masslogger Trojan Upgraded to Steal All Your Outlook, Chrome Credentials
A credential stealer infamous for targeting Windows systems has resurfaced in a new phishing campaign that aims to steal credentials from Microsoft Outlook, Google Chrome, and instant messenger apps. Primarily directed against users in Turkey, Latvia, and Italy starting mid-January, the attacks involve the use of MassLogger — a .NET-based malware with capabilities to hinder … [Read more...] about Masslogger Trojan Upgraded to Steal All Your Outlook, Chrome Credentials
Cisco Secure Workload Immediate Actions in Response to “SUNBURST” Trojan and Backdoor
Background The SUNBURST trojan and backdoor, as dubbed by FireEye researchers, that has compromised multiple U.S. Government systems recently, highlights the complexity and connectedness of the modern enterprise IT environment as a security weakness. Recent reporting makes clear that the adversary took advantage of software complexity to deliver a highly refined attack … [Read more...] about Cisco Secure Workload Immediate Actions in Response to “SUNBURST” Trojan and Backdoor
North Korean hackers targeting South Korea with RokRat Trojan
A North Korean hacking group has been found deploying the RokRat Trojan in a new spear-phishing campaign targeting the South Korean government. Attributing the attack to APT37 (aka Starcruft, Ricochet Chollima, or Reaper), Malwarebytes said it identified a malicious document last December that, when opened, executes a macro in memory to install the aforementioned remote access … [Read more...] about North Korean hackers targeting South Korea with RokRat Trojan
From Banking Trojan to Malware Distributor
Emotet is one of the most dangerous and widespread malware threats active today. Ever since its discovery in 2014—when Emotet was a standard credential stealer and banking Trojan, the malware has evolved into a modular, polymorphic platform for distributing other kinds of computer viruses. Being constantly under development, Emotet updates itself regularly to improve … [Read more...] about From Banking Trojan to Malware Distributor