HackDig : Dig high-quality web security articles for hacker

Diving Into Zberp’s Unconventional Process Injection Technique

IBM X-Force Research recently discovered a small-scale malware campaign involving a Neutrino bot, aka Kasidet, dropping a payload that contains two Zeus malware breeds: Atmos and Zberp. Both of these codes are based on the leaked source code of the Zeus V2 banking Trojan that was exposed publicly in 2011. The Zberp Trojan, which is a subvariant of ZeusVM mix
Publish At:2017-10-22 05:01 | Read:383 | Comments:0 | Tags:Malware X-Force Research Banking Trojan Carberp Carberp sour

Zeus is Still the Base of Many Current Trojans

In 2007, no one expected ZeuS to have such a brutal impact on the digital world. But two years later, Zbot, another of the names it is known by, became a milestone in the history of cybersecurity. With more than 3.6 million infected computers in 2009, ZeuS compromised more than 74,000 FTP accounts on such important networks as those of NASA, ABC, Oracle, Cis
Publish At:2017-09-27 15:10 | Read:178 | Comments:0 | Tags:Panda Security b2b Trojan zbot zeus

EMOTET Returns, Starts Spreading via Spam Botnet

We first detected the banking malware EMOTET back in 2014, when we looked into the banking malware’s routines and behaviors and took note of its information stealing abilities via network sniffing. After a period of relative inactivity, it appears it’s making a comeback with increased activity from new variants (Detected by Trend Micro as TSPY_EMOTET.AUSJLA
Publish At:2017-09-07 22:45 | Read:321 | Comments:0 | Tags:Botnets Malware botnet EMOTET Trojan

Where Are They Today? Cybercrime Trojans That No One Misses: Shifu Malware

This is the first installment in an ongoing series about banking malware that faded away in 2017. Cybercrime is a very dynamic threat landscape. With over 100 million malware strains tracked by AV-TEST in 2016, malware can be a dime a dozen. When it comes to the more organized cybercrime groups and sophisticated banking Trojan projects, malware families are
Publish At:2017-08-08 16:20 | Read:357 | Comments:0 | Tags:Banking & Financial Services Fraud Protection Malware Threat

TrickBot Habla Español: Trojan Widens Its Attack Scope in Spain, Brings Redirection Attacks to Local Banks

The TrickBot Trojan has been steadily ramping up its activity this year, going into a rather intensive period of updates and attacks that started in Q2 2017. From the looks of it, TrickBot’s operators have been investing heavily into widening the scope of their attacks and are preparing redirection attacks against banks in 19 different countries. After
Publish At:2017-07-19 08:05 | Read:402 | Comments:0 | Tags:Banking & Financial Services Fraud Protection Malware Threat

The Magala Trojan Clicker: A Hidden Advertising Threat

One large group will slowly conquer another large group, reduce its numbers, and thus lessen its chance of further variation and improvement. <…> Small and broken groups and sub-groups will finally tend to disappear. Charles Darwin. ‘On the Origin of Species’ The golden age of Trojans and viruses has long gone. Malicious programs
Publish At:2017-07-12 10:00 | Read:611 | Comments:0 | Tags:Research Adware PUPs Trojan

TrickBot Spreads to the Nordics, Launches Redirection Attacks in France

IBM X-Force Research detected a new wave of TrickBot attacks targeting banks in Nordic countries. The malware expanded its configurations to launch fraud attacks against banks in Sweden, Finland, Norway, Denmark and Iceland, among the other geographies it targets. Moreover, the malware, which has been testing redirection attacks on one bank in France, now ta
Publish At:2017-06-20 22:45 | Read:613 | Comments:0 | Tags:Banking & Financial Services Fraud Protection Malware Threat

Zeus Sphinx Pushes Empty Configuration Files — What Has the Sphinx Got Cooking?

Lately, IBM X-Force Research has seen the Zeus Sphinx Trojan go through a targetless phase, an exceedingly rare occurrence in the cybercrime arena. Recent Zeus Sphinx samples have fetched configuration files in which all the target URLs were removed. This means that while Sphinx infection campaigns continue and the malware can infect new machines, it remains
Publish At:2017-06-15 13:50 | Read:981 | Comments:0 | Tags:Banking & Financial Services Fraud Protection Malware Threat

Emerging Matrix Banker Trojan is targeting banks in Latin America

Security Experts at Arbor Networks have spotted a new banking trojan, initially called ‘Matrix Banker’, that is targeting Latin America. Malware researchers at Arbor Networks have spotted a new banking trojan, initially called ‘Matrix Banker’, that is targeting Latin America. The malicious code seems to be still under development, mo
Publish At:2017-06-14 02:05 | Read:583 | Comments:0 | Tags:Breaking News Cyber Crime Malware banking Cybercrime malware

Dvmap: the first Android malware with code injection

In April 2017 we started observing new rooting malware being distributed through the Google Play Store. Unlike other rooting malware, this Trojan not only installs its modules into the system, it also injects malicious code into the system runtime libraries. Kaspersky Lab products detect it as Trojan.AndroidOS.Dvmap.a. The distribution of rooting malware thr
Publish At:2017-06-08 15:45 | Read:848 | Comments:0 | Tags:Featured Mobile code injection Google Android Mobile Malware

QakBot Banking Trojan Causes Massive Active Directory Lockouts

IBM X-Force Research recently observed a wave of malware-induced Active Directory (AD) lockouts across several incident response engagements. The lockouts caused hundreds to thousands of AD users to get locked out of their company’s domain in rapid succession, leaving employees of the impacted organizations unable to access their endpoints, company ser
Publish At:2017-06-03 00:15 | Read:1417 | Comments:0 | Tags:Advanced Threats Incident Response Threat Intelligence Banki

GootKit Malvertising Brings Redirection Attacks to Italian Banks

Earlier in May, I reported that GootKit had launched redirection attacks for the first time. The malware prepared for its new modus operandi in the U.K., targeting major banks there with this advanced browsing manipulation attack. I also predicted that this was just a test and that we’re about to see more. That prediction has come true. GootKit officia
Publish At:2017-05-24 00:45 | Read:856 | Comments:0 | Tags:Banking & Financial Services Fraud Protection Malware Threat

GootKit Launches Redirection Attacks in the UK

While going over some recent GootKit configurations, I came across an unfamiliar URL format that includes two URLs instead of one. It only takes a fraction of a second to understand: GootKit has launched redirection attacks — a more advanced way to manipulate online banking sessions than the typical webinjection attacks its operators had used up until now. M
Publish At:2017-05-14 01:10 | Read:443 | Comments:0 | Tags:Banking & Financial Services Fraud Protection Malware Threat

Neverquest Gang Takes Leave — Is It the End of the Quest?

I’ll bet no one is missing the Neverquest Trojan, and maybe that’s why many have not even realized one of the top cybergang-operated malware codes has taken a substantial plunge this year. The Neverquest Trojan, a consistent occupant of the top 10 most active banking Trojans in the world, has suffered a blow due to the arrest of one of its allege
Publish At:2017-05-05 01:55 | Read:774 | Comments:0 | Tags:Banking & Financial Services Fraud Protection Malware Threat

XPan, I am your father

While we have previously written on the now infamous XPan ransomware family, some of its variants are still affecting users primarily located in Brazil. Harvesting victims via weakly protected RDP (remote desktop protocol) connections, criminals are manually installing the ransomware and encrypting any files which can be found on the system. Interesti
Publish At:2017-04-24 17:40 | Read:897 | Comments:0 | Tags:Blog Research Brazil Ransomware RDP TeamXRat Trojan
