Security News

Threat actors impersonated Truist, the sixth-largest US bank holding company, in a spear-phishing campaign attempting to infect recipients with what looks like remote access trojan malware. In one of the attacks targeting a renewable energy company in February 2021, the phishing emails instructed the target to download a malicious Windows app mimicking the legitimate Truist Financial SecureBank App and supposedly needed to complete the process behind a $62 million loan.

Researchers have discovered an Android trojan that can steal victims' SMS messages and credentials and completely take over devices. Once installed on a victim's device, attackers can use the trojan to obtain a live streaming of the device screen on demand and also interact with it via Accessibility Services, according to a report posted online by online fraud-management firm Cleafy about the trojan, which is also tracked by the name "Anatsa."

In emails sent by NatWest and seen by BleepingComputer, the system malfunction meant that the standing orders set up by banking customers over a period of 11 months did not correctly record the number of automated payments that were to be debited, or on what dates should the debits stop. This means automated payments could have continued to be made from the customer accounts, even after a standing order had expired, costing customers money.

In emails sent by NatWest and seen by BleepingComputer, the system malfunction meant that the standing orders set up by banking customers over a period of 11 months did not correctly record the number of automated payments that were to be debited, or on what dates should the debits stop. This means automated payments could have continued to be made from the customer accounts, even after a standing order had expired, costing customers money.

In emails sent by NatWest and seen by BleepingComputer, the system malfunction meant that the standing orders set up by banking customers over a period of 11 months did not correctly record the number of automated payments that were to be debited, or on what dates should the debits stop. This means automated payments could have continued to be made from the customer accounts, even after a standing order had expired, costing customers money.

The malicious activity, collectively named "EmissarySoldier," has been attributed to a threat actor called LuckyMouse, and is said to have happened in 2020 with the goal of obtaining geopolitical insights in the region. "In order to compromise victims, LuckyMouse typically uses watering holes, compromising websites likely to be visited by its intended targets, ESET malware researcher Matthieu Faou said in a report published today."LuckyMouse operators also perform network scans to find vulnerable internet-facing servers run by their intended victims.

Bank holding company First Horizon Corporation disclosed the some of its customers had their online banking accounts breached by unknown attackers earlier this month. First Horizon Bank, the company's banking subsidiary, operates a network of hundreds of bank locations in 12 states across the Southeast.

Fusion Risk Management announced that it has further strengthened its offerings to help financial institutions meet and exceed new Bank of England, PRA, and FCA regulatory requirements which take effect in early 2022, in addition to the recently formalized guidance shared by the Basel Committee. Fusion's collaborative ENGAGE customer community fosters a common understanding and best practices between those working toward greater operational resilience in financial services.

Threat actors are impersonating Chase Bank in two phishing attacks that can slip past Microsoft Exchange security protections in an aim to steal credentials from victims - by spoofing real-life customer scenarios. "These email attacks employed a gamut of techniques to get past traditional email security filters and pass the eye tests of unsuspecting end users," Kumar wrote.

Two email campaigns discovered by Armorblox impersonated Chase in an attempt to steal login credentials. In a new report released Tuesday, email security provider Armorblox looked at two recent phishing campaigns aimed at Chase Bank customers and offered advice on how to protect yourself from such scams.