Researchers have presented data about a cyber-espionage campaign they named OilRig, which targets Saudi Arabian financial institutions and technology organizations and appears to have taken aim at the country's defense industry as well, at a different time last year.
The most recent waves of attacks were recorded in May 2016 and seem to have ties with a broader campaign targeting a large number of banks across the Middle East, which uses malicious Excel files and on which we reported at the start of last week. Experts say the crooks used two different delivery methods to deploy a backdoor named Helminth.
As if ransomware weren’t bad enough, now it’s metastasising: not just spreading rapidly but even picking up secondary characteristics. Take Cerber, ransomware first spotted in the wild back in February 2016.
At the time, Cerber was best known for being somewhat spooky — instead of merely flashing an ominous message at victims, Cerber delivered its ransom “note” verbally as well. Still, it was a standard modus operandi: Give us money and we’ll give you back your files. Now, Cerber and other Trojans encrypt the data of their victims, and most computer users haven’t a clue how to handle it. Sounds like a great diversionary tactic, doesn’t it?
An Android trojan detected by Russian security firm Dr.Web as Android.SmsSpy.88 has evolved over the past two years from simple spyware into a banking trojan, and now into a mobile ransomware threat.
First detected in April 2014, the trojan was initially distributed via SMS spam; once it infected a victim, it could intercept phone calls and SMS messages, the channel usually used for two-factor authentication codes. As time went by, the Android.SmsSpy trojan evolved and added the ability to phish for credit card details using a Google Play Store-like interface, as well as to show interstitials mimicking popular Russian bank logins.
Five apps on Google Play carry Viking Horde, a new malware family that ropes Android devices into an ad-clicking botnet, but can also make them send out spam, send SMS messages to premium-rate numbers, download additional apps, and even participate in DDoS attacks.
The discovery was made by Check Point researchers, who notified Google about it on May 5, but as I’m writing this, the apps are still available on Android’s official app store. The most popular of these is Viking Jump, which was installed by at least 50,000 users, despite the poor ratings and reviews that point to its questionable nature.
Researchers have come across a new banking Trojan that appears to borrow code from the notorious Zeus. Dubbed Panda Banker, the threat was discovered in February by Fox IT and later analyzed in detail by experts at Proofpoint.
According to Proofpoint, cybercriminals have used both spear-phishing emails and exploit kits to deliver the Trojan. In one spear-phishing campaign observed on March 10, attackers sent an email containing a malicious document to people working in mass media and manufacturing organizations. When recipients opened the document, Panda Banker was downloaded from a remote server.
If you haven’t embraced backups yet because you think you are so tech savvy that you wouldn’t open spam email or fall for social engineering tricks, then brace yourself for cryptoworms.
Security researchers warned that self-propagating ransomware, the semi-autonomous kind that doesn’t need any help from humans to spread, is coming. The Cisco Talos report, “Ransomware: Past, Present, and Future”, first delves into the “traits of highly effective strains of self-propagating malware” before discussing how ransomware could evolve to include powerful, built-in, self-propagating traits like those in worms and botnets.
Security experts are warning organizations about a new USB trojan that is extremely difficult to spot, can target air-gapped systems, and is ideal for cyber and industrial espionage campaigns.
Nicknamed USB Thief, this is probably the most complex trojan ever discovered, using encryption and self-protection procedures to infect targets and hide from prying eyes. The trojan binds itself to each USB stick, using the USB drive's details to hide its malicious files under AES128 encryption. If the trojan is copied to another USB drive or to a classic storage device, the encryption breaks, and the content of the malicious files cannot be determined.
Two-factor authentication via SMS is widely used by banks. Of course, this measure works better than a mere password, but it’s not impenetrable. Security specialists found it could be fooled 10 years ago, just when this type of protection was gaining popularity.
Sadly, malware creators found that out too. That’s why banking Trojan developers are able to breach one-time SMS passwords with ease. It’s hardly an exaggeration to say that any modern banking Trojan knows how to fool SMS-based two-factor authentication systems. In fact, malware creators have no other choice: as all banks turn to this protective measure, Trojans need to adapt.
You know how armies typically move: first come the scouts to make sure everything is OK, then the heavy troops arrive; at least that was how it used to be before the age of cyber wars. It turns out that Trojans behave in a very similar way.
There are a lot of small Trojans for Android capable of escalating their access privileges, in other words, gaining root access. Our malware analysts Nikita Buchka and Mikhail Kuzin can easily name 11 families of such Trojans. Most of them are almost harmless: all they did until recently was inject tons of ads and download others of their kind.
At the Security Analyst Summit 2016, our Global Research and Analysis Team published extensive research on the Adwind Remote Access Tool. It has been developed over several years and distributed through a single malware-as-a-service platform, which means that anyone can pay a small sum for the service and use the malicious tool to their advantage.
GReAT researchers discovered this malware platform during an attempted targeted attack against a bank in Singapore. The malware came in the form of a malicious Java file attached to a spear-phishing email, which was received by a targeted employee at the bank.