Security News

Squad claimed an attack that took down Russian telecom provider Infotel JSC on Thursday evening. Among other things, Moscow-based Infotel provides connectivity services between the Russian Central Bank and other Russian banks, online stores, and credit institutions.

An unknown cybercrime threat actor has been observed targeting Spanish- and Portuguese-speaking victims to compromise online banking accounts in Mexico, Peru, and Portugal. The cybersecurity company attributed the campaign, dubbed Operation CMDStealer, to a Brazilian threat actor based on an analysis of the artifacts.

A Brazilian threat actor is targeting Portuguese financial institutions with information-stealing malware as part of a long-running campaign that commenced in 2021. PeepingTitle, like Maxtrilha, is written in the Delphi programming language and is equipped to grant the attacker full control over the compromised hosts as well as capture screenshots and drop additional payloads.

A Brazilian hacking group has been targeting thirty Portuguese government and private financial institutions since 2021 in a malicious campaign called 'Operation Magalenha. The attackers use many methods to distribute their malware to targets, including phishing emails pretending to come from Energias de Portugal and the Portuguese Tax and Customs Authority, social engineering, and malicious websites that mimic these organizations.

The UK National Savings and Investment bank is being bombarded with complaints over failing online security and authentication features which customers say have locked them out of their accounts. The Register has contacted NS&I to offer it the opportunity to respond.

Websites and mobile apps of Lloyds Bank, Halifax, TSB Bank, and Bank of Scotland are experiencing web and mobile app outages leaving customers unable to access their account balances and information. BleepingComputer has been able to confirm that the four major UK banks are currently experiencing disruptions related to their online banking and mobile banking systems since the early morning hours of Friday, April 28th. Websites of banks including Lloyds, Halifax, TSB, and Bank of Scotland admit that some customers are having issues when accessing Internet and Mobile banking services.

A new Android trojan called 'Chameleon' has been targeting users in Australia and Poland since the start of the year, mimicking the CoinSpot cryptocurrency exchange, an Australian government agency, and the IKO bank. The mobile malware was discovered by cybersecurity firm Cyble, which reports seeing distribution through compromised websites, Discord attachments, and Bitbucket hosting services.

Australia's Westpac bank re-wrote its job ads for infosec roles after finding the language it used deterred female candidates. The land down under, like most other lands, has a shortage of cyber security professionals.

New IcedID variants have been found without the usual online banking fraud functionality and instead focus on installing further malware on compromised systems. Proofpoint has identified two new variants of the IcedID loader, namely "Lite" and "Forked", both delivering the same IcedID bot with a more narrow-focused feature set.

A convincing Twitter scam is targeting bank customers by abusing the quote-tweet feature, as observed by BleepingComputer. Users tagging Twitter accounts of their banks in their tweets-for example, when raising complaints about an issue, should watch out for responses from non-verified Twitter accounts that may closely be impersonating the bank's support staff and instead be a scam.