HackDig : Dig high-quality web security articles for hacker

Ursnif Campaign Waves Breaking on Japanese Shores

According to IBM X-Force data on the activity of financial malware operated by organized cybercrime groups, the Ursnif (aka Gozi) banking Trojan was the most active malware code in the financial sector in 2016 and has maintained its dominance through 2017 to date. Ursnif’s activity is marked by both frequent code modifications and campaign activity in
Publish At:2017-10-26 19:35 | Read:3893 | Comments:0 | Tags:Banking & Financial Services Malware Threat Intelligence Ban

Brazilian Malware Client Maximus: Maximizing the Mayhem

In January 2017, IBM X-Force research reported the development of a new remote-access malware code targeting Brazilian banks. The malware, dubbed Client Maximus, was observed in ongoing campaigns and continues to target online banking users in the country. The development of Client Maximus, which is believed to be commercially available in Brazilian fraud an
Publish At:2017-09-12 13:50 | Read:2923 | Comments:0 | Tags:Fraud Protection Malware Threat Intelligence Advanced Threat

Faketoken evolves and targets taxi booking apps to steal banking info

Kaspersky discovered a new strain of the mobile banking Trojan Faketoken that displays overlays on top of taxi booking apps to steal banking information. Security experts from Kaspersky have discovered a new strain of the infamous mobile banking trojan Faketoken that implements capabilities to detect and record an infected device’s calls and display
Publish At:2017-08-18 14:30 | Read:2962 | Comments:0 | Tags:Breaking News Malware Mobile Android Banking Malware Faketok

Where Are They Today? Cybercrime Trojans That No One Misses: Shifu Malware

This is the first installment in an ongoing series about banking malware that faded away in 2017. Cybercrime is a very dynamic threat landscape. With over 100 million malware strains tracked by AV-TEST in 2016, malware can be a dime a dozen. When it comes to the more organized cybercrime groups and sophisticated banking Trojan projects, malware families are
Publish At:2017-08-08 16:20 | Read:2819 | Comments:0 | Tags:Banking & Financial Services Fraud Protection Malware Threat

After Big Takedown Efforts, 20 More BankBot Mobile Malware Apps Make It Into Google Play

A flashlight app, fake videos or a fake gaming app? Any one of those could be malicious and harboring a mobile malware app, right there in a trusted official app store. In an ongoing trend, IBM X-Force noted that malicious apps manage to circumvent controls and infiltrate legitimate stores. And this is not about the plethora of adware apps infecting users in
Publish At:2017-07-28 03:30 | Read:4080 | Comments:0 | Tags:Banking & Financial Services Fraud Protection Malware Mobile

Pinkslipbot banking Trojan exploiting infected machines as control servers

The Pinkslipbot banking Trojan uses a complicated multistage proxy for HTTPS-based control server communication. Security researchers at McAfee Labs have spotted a new strain of the Pinkslipbot banking malware (also known as QakBot/QBot) that leverages UPnP to open ports, allowing incoming connections from anyone on the Internet to commu
Publish At:2017-06-19 11:00 | Read:3434 | Comments:0 | Tags:Breaking News Cyber Crime Malware Banking Malware botnet Cyb

QakBot Banking Trojan Causes Massive Active Directory Lockouts

IBM X-Force Research recently observed a wave of malware-induced Active Directory (AD) lockouts across several incident response engagements. The lockouts caused hundreds to thousands of AD users to get locked out of their company’s domain in rapid succession, leaving employees of the impacted organizations unable to access their endpoints, company ser
Publish At:2017-06-03 00:15 | Read:6229 | Comments:0 | Tags:Advanced Threats Incident Response Threat Intelligence Banki

TrickBot Is Hand-Picking Private Banks for Targets — With Redirection Attacks in Tow!

IBM X-Force research follows organized cybercrime and continually monitors the criminals’ targets and modus operandi. In a recent analysis of TrickBot campaigns in the U.K., Australia and Germany, I found that the operators of the infamous Trojan have been adding new redirection attacks focused on a list of brands that I had never seen in the past. Cur
Publish At:2017-04-27 19:35 | Read:4025 | Comments:0 | Tags:Banking & Financial Services Fraud Protection Malware Threat

Avalanche: Thwarting Cybercriminal Hazards with Law Enforcement Collaboration

On November 30th, an international law enforcement operation stamped out Avalanche, a large-scale content and management platform designed for the delivery of bullet-proof botnets. Avalanche’s scale and scope spanned victims from 180 countries, over 800,000 domains in 60+ top-level domains (TLD), more than one million phishing and spam e-mails, 500,000 infec
Publish At:2016-12-07 22:10 | Read:4435 | Comments:0 | Tags:Botnets Malware Avalanche banking malware botnet law enforce

Brazilian underground is the first in spreading cross-platform malware

Coders in the Brazilian cybercriminal underground are pioneering cross-platform malware relying on Java archive (JAR) files. Recently security experts at Palo Alto Networks uncovered a new family of ransomware dubbed KeRanger that targets Mac OS X users, a circumstance that demonstrates that every OS is potentially at risk. Now researchers at Kaspersky Lab ha
Publish At:2016-03-09 11:05 | Read:3368 | Comments:0 | Tags:Breaking News Malware Banking Malware Brazil cross-platform

Tinba, a 20KB trojan that scares banks in Singapore and Indonesia

A new variant of the infamous Tinba banking trojan has emerged in the wild and is targeting financial institutions in the Asia Pacific region. Even small threats can scare the giants; this is the case with Tinba, a small malware that continues to create serious problems for financial institutions. Tinba is a popular financial tr
Publish At:2016-01-19 17:30 | Read:3181 | Comments:0 | Tags:Breaking News Cyber Crime Malware Banking Malware cyber crim

Banking Malware Moving Over Facebook Hosted in Cloud

A new run of Spy Banker banking malware infections has been targeting Portuguese-speaking victims in Brazil. While Spy Banker is an old threat, dating back to 2009 according to some security companies, the latest wrinkle attackers are taking is a new one. The campaign, spotted by researchers at Zscaler, spreads primarily over social media—Facebook for the m
Publish At:2015-12-10 18:25 | Read:3445 | Comments:0 | Tags:Cloud Security Malware Social Engineering Web Security Banki

This Week in Security: Experian and T-Mobile Breach, Linux Botnet, Android Stagefright 2.0

Our security roundup series covers the week’s trending topics in the world of InfoSec. In this quick-read compilation, we’ll let you know of the latest news and controversies that the industry has been talking about recently. Here’s what you don’t want to miss from the week of September 28, 2015: A massive data breach at Experian – one of the largest credit report
Publish At:2015-10-05 07:20 | Read:2650 | Comments:0 | Tags:This Week in Security banking malware breach Citadel DDoS Ex

Dridex Banking Malware Back in Circulation

Conspicuously off the grid for close to two months, the Dridex banking Trojan made some noise Thursday morning when a large phishing campaign, primarily targeting victims in the U.K., was corralled by researchers at Palo Alto Networks. The phishing emails are laced with a Microsoft Word document that entices users to enable macros that call out to attacker-co
Publish At:2015-10-02 08:30 | Read:2463 | Comments:0 | Tags:Malware Banking Malware banking trojan Dridex krebs on secur

Infected Korean Website Installs Banking Malware

On September 18, 2015, we saw activity on koreatimes.com where we captured a malicious binary. We investigated further and found that this campaign is specifically targeted at Korean sites and Korean banks. We looked at our logs for this year and found more Korean websites infected: koreatimes.com (Sep. 18, 2015), filehon.com (May 30, 2015), joara.com (May
Publish At:2015-09-28 20:10 | Read:4723 | Comments:0 | Tags:Banking Malware exploit kit Malware Deep Dive New Infection

