Researchers are warning users about a wave of recent attacks targeting U.S. financial institutions that leverage a new banking Trojan dubbed IcedID.
The IcedID Trojan was spotted in September. They said the Trojan has several standout techniques and procedures, such as the ability to spread over a network and the ability to monitor a browser’s activity by setting up a local proxy for traffic tunneling. “At this time, the malware targets banks, payment card providers, mobile services providers, payroll, webmail and e-commerce sites in the U.S.,” researchers wrote in a report released Monday explaining the discovery.
Cryptocurrencies are basically the same as e-money — like WebMoney or PayPal. That means they also have the same problems as classic e-payment systems.
However, the operating principles specific to cryptocurrencies sometimes make the problems more likely to occur, and thus more disturbing. In addition, the same principles are responsible for a certain number of risks unique to cryptocurrencies. We’ll start with common problems such as plain old theft. Let’s say you’re transferring money to a friend. You copy his wallet address accurately, but malware replaces the address in the clipboard with another one.
More than one million people were tricked into downloading a fake Android app that was pretending to be WhatsApp. The app was called "Update WhatsApp" and is still on the Play Store, although the developer has now changed its name to "Dual Whatsweb Update" and switched the icon, which doesn't look like the WhatsApp icon anymore.
But before its facelift, the app mimicked WhatsApp in a clear attempt to trick users into downloading it thinking they were downloading an update for the popular messaging app, according to users who reviewed the app on the Play Store, and users on Reddit, who flagged the malicious app.
When you think you've seen it all, malware authors always find a way to impress you. Today's "that's clever!" moment comes courtesy of a criminal group that's been spreading a new version of the Zeus Panda banking trojan since June, this year.
Instead of relying on old techniques of malvertising and spam campaigns, this group has taken a novel approach, never before seen in the distribution of banking trojans. Black-hat SEO, for the win! This Zeus Panda group decided to rely on a network of hacked websites, on which they inserted carefully chosen keywords in new pages or hid the keywords inside existing pages.
Imagine that one day you decide to use Bitcoin to pay for, say, a pizza. You copy the wallet address from the pizzeria’s website, enter the required amount, and click the Send button.
The transfer goes through, but the pizza doesn’t arrive. The pizzeria owners say they never received the payment. What’s going on? Don’t get mad at the pizza guys — it’s all down to CryptoShuffler. Unlike cryptoransomware, this Trojan avoids flashy effects, instead doing its best to slip under the radar. It resides quietly in the computer’s memory and monitors the clipboard — the temporary storage area for cut/paste operations.
A threat actor is mass-scanning the Internet for Ethereum mining equipment running ethOS that is still using the operating system's default SSH credentials. The attacker is using these creds to gain access to the mining rig and replace the owner's Ethereum wallet address with his own.
Replacing this wallet ID sends all subsequent mining revenue to the attacker instead of the equipment's real owner. Scans started on Monday. The attacks started on Monday and were first detected by a honeypot set up by Romanian cyber-security firm Bitdefender. Honeypot logs showed attackers trying two peculiar SSH username and password combos.
Experts have discovered a new targeted attack using a Trojan by the name of Silence against financial institutions. Russian banks are first in the line of fire, but Malaysian and Armenian organizations have also been infected.
Tactically, the attack is very similar to the canonical financial APT campaign, the notorious Carbanak: a phishing e-mail with a malicious attachment sent to employees of banks and financial organizations, followed by spying on employees and then, suddenly, a fraudulent transaction. This proven method has already brought its operators billions of dollars, so why not try it again?
The Internet is awash with covert crypto currency miners that bog down computers and even smartphones with computationally intensive math problems called by hacked or ethically questionable sites.
An unknown hacker appears to have breached a dark web marketplace called Basetools and leaked samples of its database online.
The hacker has threatened to leak the dark web market operator's identity as well as Basetools' data to US authorities, including the FBI, DHS, DoJ and others, unless a ransom of $50,000 (£38,112) is paid. Basetools is an underground marketplace often advertised in Russian-speaking cybercrime forums and markets, which allows dark web vendors to sell spamming tools, credit card data, hacked customer accounts, among other things.
If you get a message from a Facebook Friend telling you they urgently need your help accessing their account — pause, because someone’s trying to use Facebook security against you.
Experts yesterday revealed details of the phishing scam that has apparently claimed a few victims recently. It’s basically an attempt to con you into handing over your account codes to someone you think you can trust. The attack is initiated by someone who has already taken over the account of a friend. They send you an urgent message claiming to need help getting back into their account, and to check your email for a recovery code.