The Trickbot banking Trojan is now targeting U.S. banks in new spam campaigns fueled by the prolific Necurs botnet. The malware has grown more potent with the introduction of a customized redirection method as part of its attacks.
IBM X-Force and Flashpoint both recently spotted new Trickbot activity. According to the researchers, spam campaigns have been active over the past several months, with the latest Trickbot attack reported earlier this week. While Flashpoint focused on the U.S. as targets, IBM focused on the redirection attacks used to steal login details, personally identifiable information and financial authentication codes.Read more
Banking Trojan TrickBot is no longer hitting only banks and financial institutions, but also added payment processing and Customer Relationship Management (CRM) providers to its list of targets.
Supposedly developed by the same gang that previously operated the Dyre Trojan, TrickBot was first spotted in the summer of 2016, and initially detailed in October. By November, the malware was being used in widespread infection campaigns in the UK and Australia, and popped up in Asia the next month. Earlier this year, it started targeting the private banking sector. The 26 active TrickBot configurations observed in May 2017 were targeting banks.Read more
A lot of ads on the Internet promote easy ways to earn money. They tend to lead to fishy places — say, a post from an alleged mother of three who stays at home, earning several thousand dollars a day, and says you can do the same.
But there are other ways to earn some easy money, too, that may seem much more plausible. For example, some services offer to pay you for installing apps. The money amounts to pocket change, but the work is pretty effortless. This kind of scheme is especially popular among children — install 50 apps and get a $2.50 to buy some gear for your favorite character in an online game.Read more
In January, security researchers warned that Android users may soon face a spike in malware attacks after the source code of a banking Trojan leaked online. Now, confirming the fears, Google is taking action after sneaky malware crept onto its official app store.
On 17 April the strain, dubbed "BankBot", was discovered in an application called "HappyTimes Videos" on Google's Play Store. In addition, experts from Securify, a Dutch cybersecurity firm, recently found another infected app there, titled "Funny Videos 2017". The Trojan is able to pose as legitimate services, mostly banks and financial institutions.Read more
Palo Alto Networks researchers have analyzed a string of legitimate-looking Android apps and have discovered that the adware included in them has the potential to do much more than just show ads.
Variants of the Ewind adware/malware are usually packaged in popular game and social media apps such as GTA Vice City, Minecraft – Pocket Edition, VKontakte, but also in many mobile security apps such as AVG cleaner and Avast! Ransomware Removal. And these apps are offered for download on well-established online Android app stores catering Russian-speaking users. The adware Trojan in fact potentially allows full remote access to the infected device.Read more
Chinese Hackers have taken Smishing attack to the next level, using rogue cell phone towers to distribute Android banking malware via spoofed SMS messages.
SMiShing — phishing attacks sent via SMS — is a type of attack wherein fraudsters use number spoofing attack to send convincing bogus messages to trick mobile users into downloading a malware app onto their smartphones or lures victims into giving up sensitive information. Security researchers have uncovered that Chinese hackers are using fake base transceiver stations to distribute "Swearing Trojan," an Android banking malware that once appeared neutralized after its authors were arrested in a police raid.Read more
Android-targeting banking Trojan Marcher is on the rise, infecting devices via a phishing attack using SMS/MMS, gaining extensive privileges, displaying an overlay window to your banking app and collecting all your data, all the while successfully avoiding your antivirus apps.
It all starts with a phishing attack using SMS or MMS, with the messages including a link leading to a fake version of a popular app, such as WhatsApp, Runtastic or Netflix, to name a few. The link, however, doesn’t lead you to the good old Google Play Store, which is safe for the most part, but to a third-party app store. Of course, this doesn’t work if you don’t have the option selected from your phone’s security settings.Read more
One of the most important pieces of advice on cybersecurity is that you should never input logins, passwords, credit card information, and so forth, if you think the page URL looks weird. Weird links are sometimes a sign of danger. If you see, say, fasebook.com instead of facebook.com, that link is weird.
But what if the fake Web page is hosted on the legitimate page? It turns out this scenario is actually plausible — and the bad guys don’t even need to hack the server that hosts the target page. Let’s examine how it works. The trick here is in the way our normal-looking Web page addresses are an add-on to real the IP addresses the Internet works with.Read more
Devices running Android are being targeted by a new version of the Tordow malware, which was originally discovered earlier this year and attempts to obtain root privileges to perform a series of actions, such as stealing passwords.
Tordow 2.0 is primarily a mobile banking Android Trojan that attempts to root the device in order to get full control and then perform a series of tasks that include the following: make phone calls, control SMS messages, steal login credentials, access contacts, encrypt files, visit webpages, manipulate banking data, remove security software, reboot a device, rename files, and act as ransomware.Read more
The current generation of Android banking trojans are all equipped with ransomware-like features in order to lock the user's device. Despite possessing such dangerous functions, very few Android banking trojans deploy them, focusing on their primary job of collecting login credentials for banking portals and instant messaging applications.
Nevertheless, when the ransomware feature is activated, the crooks behind the banking trojan do it for a very good reason. In most cases, the trojan's ransomware feature is used as a secondary monetization feature, activated on devices where the original banking trojan has failed to collect login credentials or credit card details.Read more