Security News
A banking trojan named Bizarro that originates from Brazil has crossed the borders and started to target customers of 70 banks in Europe and South America. Bizarro is under constant development as its author keeps expanding the list of supporting banks and they modify it to improve anti-analysis protections.
A financially motivated cybercrime gang has unleashed a previously undocumented banking trojan, which can steal credentials from customers of 70 banks located in various European and South American countries. The campaign consists of multiple moving parts, chief among them being the ability to trick users into entering two-factor authentication codes in fake pop-up windows that are then sent to the attackers, as well as its reliance on social engineering lures to convince visitors of banking websites into downloading a malicious smartphone app.
Threat actors impersonated Truist, the sixth-largest US bank holding company, in a spear-phishing campaign attempting to infect recipients with what looks like remote access trojan malware. In one of the attacks targeting a renewable energy company in February 2021, the phishing emails instructed the target to download a malicious Windows app mimicking the legitimate Truist Financial SecureBank App and supposedly needed to complete the process behind a $62 million loan.
Researchers have discovered an Android trojan that can steal victims' SMS messages and credentials and completely take over devices. Once installed on a victim's device, attackers can use the trojan to obtain a live streaming of the device screen on demand and also interact with it via Accessibility Services, according to a report posted online by online fraud-management firm Cleafy about the trojan, which is also tracked by the name "Anatsa."
In emails sent by NatWest and seen by BleepingComputer, the system malfunction meant that the standing orders set up by banking customers over a period of 11 months did not correctly record the number of automated payments that were to be debited, or on what dates should the debits stop. This means automated payments could have continued to be made from the customer accounts, even after a standing order had expired, costing customers money.
In emails sent by NatWest and seen by BleepingComputer, the system malfunction meant that the standing orders set up by banking customers over a period of 11 months did not correctly record the number of automated payments that were to be debited, or on what dates should the debits stop. This means automated payments could have continued to be made from the customer accounts, even after a standing order had expired, costing customers money.
In emails sent by NatWest and seen by BleepingComputer, the system malfunction meant that the standing orders set up by banking customers over a period of 11 months did not correctly record the number of automated payments that were to be debited, or on what dates should the debits stop. This means automated payments could have continued to be made from the customer accounts, even after a standing order had expired, costing customers money.
The malicious activity, collectively named "EmissarySoldier," has been attributed to a threat actor called LuckyMouse, and is said to have happened in 2020 with the goal of obtaining geopolitical insights in the region. "In order to compromise victims, LuckyMouse typically uses watering holes, compromising websites likely to be visited by its intended targets, ESET malware researcher Matthieu Faou said in a report published today."LuckyMouse operators also perform network scans to find vulnerable internet-facing servers run by their intended victims.
Bank holding company First Horizon Corporation disclosed the some of its customers had their online banking accounts breached by unknown attackers earlier this month. First Horizon Bank, the company's banking subsidiary, operates a network of hundreds of bank locations in 12 states across the Southeast.
Fusion Risk Management announced that it has further strengthened its offerings to help financial institutions meet and exceed new Bank of England, PRA, and FCA regulatory requirements which take effect in early 2022, in addition to the recently formalized guidance shared by the Basel Committee. Fusion's collaborative ENGAGE customer community fosters a common understanding and best practices between those working toward greater operational resilience in financial services.