HackDig : Dig high-quality web security articles for hacker

New version of IcedID Trojan uses steganographic payloads

This blog post was authored by @hasherezade, with contributions from @siri_urz and Jérôme Segura. Security firm Proofpoint recently published a report about a series of malspam campaigns they attribute to a threat actor called TA2101. Originally targeting German and Italian users with Cobalt Strike and Maze ransomware, the later wave of malicious emails w
Publish At:2019-12-03 16:50 | Read:174 | Comments:0 | Tags:Threat analysis backdoor banking Trojan banking Trojans cred

Active TrickBot Campaign Observed Abusing SendGrid and Google Docs

PhishLabs has observed an active TrickBot campaign targeting the employees of multiple organizations. Trickbot is a sophisticated successor of the Dyre Bank
Publish At:2019-11-26 16:15 | Read:298 | Comments:0 | Tags:Banking Trojan TrickBot

BankBot Anubis Switches to Chinese and Adds Telegram for C2

We've recently noticed two significant changes in C2 tactics used by the threat actors behind BankBot Anubis, a mobile banking trojan. First is the use of Chinese characters to encode the C2 strings (in addition to base64 encoding). The second is the use of Telegram Messenger in addition to
Publish At:2019-09-19 22:40 | Read:246 | Comments:0 | Tags:Threat Intelligence Banking Trojan BankBot Anubis

Ursnif Campaign Waves Breaking on Japanese Shores

According to IBM X-Force data on the activity of financial malware operated by organized cybercrime groups, the Ursnif (aka Gozi) banking Trojan was the most active malware code in the financial sector in 2016 and has maintained its dominance through 2017 to date. Ursnif’s activity is marked by both frequent code modifications and campaign activity in
Publish At:2017-10-26 19:35 | Read:4184 | Comments:0 | Tags:Banking & Financial Services Malware Threat Intelligence Ban

Diving Into Zberp’s Unconventional Process Injection Technique

IBM X-Force Research recently discovered a small-scale malware campaign involving a Neutrino bot, aka Kasidet, dropping a payload that contains two Zeus malware breeds: Atmos and Zberp. Both of these codes are based on the leaked source code of the Zeus V2 banking Trojan that was exposed publicly in 2011. The Zberp Trojan, which is a subvariant of ZeusVM mix
Publish At:2017-10-22 05:01 | Read:4950 | Comments:0 | Tags:Malware X-Force Research Banking Trojan Carberp Carberp sour

Vxers abused legitimate VMware binary to spread Banking Trojan Distribution

Cisco researchers discovered a malware campaign abusing a legitimate VMware binary to spread a banking Trojan. The threat actor behind the campaign uses multiple methods of redirection when infecting the victims’ machines in order to remain under the radar; it also implemented a variety of anti-analysis techniques. The malware is written in Delphi, a novelt
Publish At:2017-10-01 20:55 | Read:2618 | Comments:0 | Tags:Breaking News Cyber Crime banking trojan Cybercrime malware

Retefe banking Trojan leverages EternalBlue exploit to infect Swiss users

Cyber criminals behind the Retefe banking Trojan have improved it by adding a new component that uses the NSA exploit EternalBlue. ETERNALBLUE is the alleged NSA exploit that made the headlines alongside DOUBLEPULSAR in the WannaCry attack and the massive NotPetya attacks. ETERNALBLUE targets the SMBv1 protocol and it has become widely adopted in the community of mal
Publish At:2017-09-24 03:40 | Read:3796 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware banking trojan Ete

New Android Banking Trojan Red Alert 2.0 available for sale on crime forums

Researchers with security firm SfyLabs have discovered a new Android banking Trojan, dubbed Red Alert 2.0, that is being offered for rent on many dark websites for $500 per month. “The last several months a
Publish At:2017-09-19 13:05 | Read:4931 | Comments:0 | Tags:Breaking News Cyber Crime Deep Web Malware Android banking t

Brazilian Malware Client Maximus: Maximizing the Mayhem

In January 2017, IBM X-Force research reported the development of a new remote-access malware code targeting Brazilian banks. The malware, dubbed Client Maximus, was observed in ongoing campaigns and continues to target online banking users in the country. The development of Client Maximus, which is believed to be commercially available in Brazilian fraud an
Publish At:2017-09-12 13:50 | Read:3179 | Comments:0 | Tags:Fraud Protection Malware Threat Intelligence Advanced Threat

Android Banking Trojan MoqHao targets South Korea users

Security researchers from McAfee have spotted a new Android banking Trojan dubbed MoqHao, targeting South Korean users via SMS phishing messages. Attackers send phishing emails with a malicious code link that tricks victims into believing that it points to a lost private picture or a Chrome update. When victims click on the shortened links in the SMS message
Publish At:2017-08-30 05:45 | Read:3264 | Comments:0 | Tags:Breaking News Malware Mobile Android banking trojan MoqHao S

Jimmy Nukebot: from Neutrino with love

“You FOOL! This isn’t even my final form!” In one of our previous articles, we analyzed the NeutrinoPOS banker as an example of a constantly evolving malware family. A week after publication, this Neutrino modification delivered up a new malicious program classified by Kaspersky Lab as Trojan-Banker.Win32.Jimmy. NeutrinoPOS vs Jimmy The au
Publish At:2017-08-29 07:00 | Read:3423 | Comments:0 | Tags:Research Banking Trojan Cryptocurrencies Malware Description

WannaCry hero Marcus Hutchins pleads not guilty

The 23-year-old expert Marcus Hutchins pleaded “not guilty” during a court hearing in Milwaukee, Wisconsin. His trial has been scheduled for October. Yesterday, Marcus Hutchins, the WannaCry hero, pleaded not guilty to charges of creating and selling malware at a hearing in Milwaukee, Wisconsin. The court decided to relax the expert's bail ter
Publish At:2017-08-15 12:50 | Read:2687 | Comments:0 | Tags:Breaking News Cyber Crime banking trojan Cybercrime Hacking

Where Are They Today? Cybercrime Trojans That No One Misses: Shifu Malware

This is the first installment in an ongoing series about banking malware that faded away in 2017. Cybercrime is a very dynamic threat landscape. With over 100 million malware strains tracked by AV-TEST in 2016, malware can be a dime a dozen. When it comes to the more organized cybercrime groups and sophisticated banking Trojan projects, malware families are
Publish At:2017-08-08 16:20 | Read:3302 | Comments:0 | Tags:Banking & Financial Services Fraud Protection Malware Threat

WannaCry Hero Marcus Hutchins pleads not guilty to malware claims

Yesterday the judge approved releasing the researcher Marcus Hutchins on bail for a bond of $30,000 under certain conditions. Marcus Hutchins, also known as MalwareTech, is the 22-year-old security expert who made the headlines after discovering the “kill switch” that halted the outbreak of the WannaCry ransomware. Marcus Hutchins was arrested in La
Publish At:2017-08-05 15:40 | Read:3414 | Comments:0 | Tags:Breaking News Cyber Crime Malware banking trojan Cybercrime

UK malware researcher Marcus Hutchins accused of creating Kronos Trojan

The British security researcher Marcus Hutchins was arrested by the FBI on Thursday after being indicted on charges of creating the Kronos banking malware. The news of Marcus Hutchins's arrest made the headlines, and the motivation has shocked the IT sector; the British malware expert who stopped the WannaCry ransomware outbreak was arrested in Las
Publish At:2017-08-04 21:15 | Read:3260 | Comments:0 | Tags:Breaking News Cyber Crime Malware banking trojan Cybercrime
