When it comes to banking Trojans, ZeuS is probably the most famous one ever released. Since its source code originally leaked in 2011, several new variants proliferated online. That includes a past fork called Terdot Zbot/Zloader, which we extensively covered in 2017. But recently, we observed another bot, with a design reminiscent of ZeuS, that seems to

This blog post was authored by @hasherezade, with contributions from @siri_urz and Jérôme Segura. Security firm Proofpoint recently published a report about a series of malspam campaigns they attribute to a threat actor called TA2101. Originally targeting German and Italian users with Cobalt Strike and Maze ransomware, the later wave of malicious emails w

You always take your chances when you gamble, but with this Android malware, the odds are very much against you. Lookout recently identified an app called “Black Jack Free” in the Google Play store, which turned out to be a variant of the malware family Acecard. The app has since been removed from the store. Because we previously issued coverage for this ma

For the past decade, spear phishing—the dark art of sending personalized e-mails designed to trick a specific person into divulging login credentials or clicking on malicious links—has largely been limited to espionage campaigns carried out by state-sponsored groups. That made sense. The resources it takes to research the names, addresses, and industries of

Trend Micro has published a new report on the Brazilian Cybercriminal Underground, a criminal ecosystem that is becoming one of the most important in the world. Trend Micro has published a new report on the Brazilian Cybercriminal Underground, a criminal ecosystem that is becoming one of the most important in the world. A firs

Cybercriminals behind the Tinba banking Trojan have been homing in on some of the larger banks in Russia and Japan, experts claim.According to researchers with Dell SecureWorks, who looked at an instance of the malware last month, configuration files in one variant are targeting one of the “biggest banks in Europe,” along with two popular Russian

As researchers expected it would, CoreBot, the credential-stealing malware that surfaced last month, has added a bevy of new capabilities and reinvented itself as a robust banking Trojan.Researchers said the malware shares more similarities with Dyre, another high profile banking Trojan, than a run of the mill data-stealing Trojan.Perhaps the malware’s

Developers behind the banking Trojan Vawtrak have begun obscuring some of their servers with Tor2Web, a move that’s added another degree of difficulty when it comes to uncovering their activity.To this point the malware’s techniques –  its evolution beyond banking websites, ability to break encryption, and steal login credentials – have been well

Dark corners of the Internet harbor trouble. They’re supposed to. But what about when Yahoo, CNN.com, TMZ and other busy destination sites heave disaster upon visitors?That’s the challenge posed by malvertising, the latest hacker Golden Goose used in cybercrime operations and even in some targeted attacks. Hackers are thriving in this arena becau

Trend Micro has published a new study on black cyber-markets focusing on product and services offered on the Brazilian underground. Trend Micro has published a new interesting report on the underground cyber-markets, this is a third study focused on the Brazilian cyber-underground offer, the previous ones analyzed Russian and

The Department of Homeland Security formally sounded the alarm Monday on Dyre, the banking Trojan that’s been spotted siphoning banking credentials from both large enterprises and major financial institutions as of late.The warning came in the form of an alert from the United States Computer Emergency Readiness Team (US-CERT) informing the public of th

Like a predator, criminals who profit online will seek out weak prey.In the context of cybercrime, emerging countries such as Brazil, South Korea and Turkey among many others are in the crosshairs because of a number of factors, including a prevalence of outdated and unpatched computers and lower levels of security awareness within the general population.Rel