After making its first in-the-wild appearance in March 2021, Vultur—an information-stealing RAT that runs on Android—is back. And its dropper is equally nasty.
Vultur (Romanian for “vulture”) is known to target banks, cryptocurrency wallets, social media (Facebook, TikTok), and messaging services (WhatsApp, Viber) to harvest credentials using
Cleafy, a cybersecurity firm specializing in online fraud, has published new details about banking Trojan BRATA (Brazilian Remote Access Tool, Android), a known malware strain that first became widespread in 2019.
BRATA is now being used to perform factory resets on victims’ machines. It’s rare for malware to damage or wipe victims’ mach
Researchers analyzed a new Android banking malware that targets Brazil’s Itaú Unibanco and spreads through fake Google Play Store pages.
Researchers from threat intelligence firm Cyble analyzed a new Android banking malware that targets Brazil’s Itaú Unibanco trying to perform fraudulent financial transactions on the legitimate Itaú Unibanco
Security researchers have discovered banking Trojan apps on the Google Play Store, and say they have been downloaded by more than 300,000 Android users.
As you may know, banking Trojans are kitted for stealing banking data like your username and password, and two-factor authentication (2FA) codes that you use to log in to your bank account. They also capab
Last week on Malwarebytes Labs
Instagram’s memorialize feature abused to memorialize…Instagram’s boss; Evasive manoeuvres: HTML smuggling explained; FBI server hijacked to send up to 100,000 bogus attack mails; New Mac malware raises more questions about Apple’s security patching; SharkBot Android banking Trojan cleans users out; SoNot SoSa
Nethanella Messer and James Kilner contributed to the technical editing of this blog.
IBM Trusteer researchers continually analyze financial fraud attacks in the online realms. In recent research into mobile banking malware, we delved into the BrazKing malware’s inner workings following a sample found by MalwareHunterTeam. BrazKing is an Android banki
If you haven’t heard of SoSafe Chat, you will now.
This Android app, purported as a secure messaging application that uses end-to-end encryption, is the latest ruse cybercriminals put upon smartphone users, particularly those based in India, to infect their devices with GravityRAT, a piece of malicious software that is known to spy on people and steal the
Many of the malware campaigns we have detected over the last year have been global at scale, targeting anyone with little regard to their location. Recently, we discovered and began monitoring the activity behind PhoneSpy, a spyware aimed at South Korean residents with Android devices. With more than a thousand South Korean victims, the malicious group behin
Last week on Malwarebytes Labs
Does Cybersecurity Awareness Month actually improve security?; Police take a piece out of a ransomware gang, but won’t say which one; Neiman Marcus data breach affects millions; Windows 11 is out. Is it any good for security?; Criminals were inside Syniverse for 5 years before anyone noticed; Facebook shoots own foot, hits Instagram a
With the increase of mobile device use in everyday life, it is no surprise to see cybercriminals targeting these endpoints for financial crimes. Zimperium zLabs recently discovered an aggressive mobile premium services campaign with upwards of 10 million victims globally, and the total amount stolen could be well into the hundreds of millions of Euros. Whil
As one of the key members of Google’s App Defense Alliance, Zimperium helps ensure the Android ecosystem is safer by processing all apps before they reach Google Play. Despite this direct involvement, malicious applications can find their way to Android devices through various app stores, sideloaded applications, and compromised malicious websites that tric
Boffins developed a tool dubbed DroidMorph that provides morphing of Android applications (APKs) and allows the creation of clones of Android apps (malware or benign).
A group of researchers from Adana Science and Technology University (Turkey) and the National University of Science and Technology (Islamabad, Pakistan) has developed a tool dubbed DroidMorph that prov
Last week on Malwarebytes Labs, we watched and reported on the Colonial Pipeline ransomware attack as developments of its story unfolded. This attack triggered the White House to refine a planned Executive Order on cybersecurity. We also profiled DarkSide, the ransomware responsible for the Colonial Pipeline attack, and the criminal gang behind it.
Speaki
A new Android malware strain ‘Ghimob’ is mimicking third-party mobile (mainly banking) apps to spy and steal user data when downloaded and installed. This Trojan virus steals data from users, primarily targeting online banking and cryptocurrency.
As of the end of 2020, it is believed to siphon data from more than 153 apps by asking for accessibi
Over the past few weeks, reports of the newest aggressive malware family to impact Android devices have made the rounds. Flubot, the credential and banking malware family, uses SMS phishing techniques to propagate to its victims, purporting to be various vendors and delivery services. The group behind this aggressive malware takes advantage of a common but