Security News

Cloud-based cybersecurity and cybercompliance management solutions provider DefenseStorm on Tuesday announced that it raised $12 million in Series B funding, along with $7 million in growth capital financing. DefenseStorm plans on bringing to market its CyberFraud module, as well as to increase efficiency through its Threat Ready Active Compliance service provider team.

The partnership will further enhance Cellulant's cybersecurity by proactively securing its digital banking channels and guarding against digital banking and payment fraud. Entersekt is working with the Cellulant team to integrate its mobile software development kit with Cellulant's product stack, making Entersekt's authentication and app security solutions available to Cellulant's clients.

Ever since its discovery in 2014-when Emotet was a standard credential stealer and banking Trojan, the malware has evolved into a modular, polymorphic platform for distributing other kinds of computer viruses. Emotet is the most uploaded malware throughout the past few years.

A new banking trojan has been discovered targeting Android users, with the capabilities to spy on 153 mobile apps from various banks, cryptocurrencies and exchanges. Kaspersky telemetry shows that all victims of the Ghimob mobile banking trojan are currently located in Brazil at the moment.

Four months after security researchers uncovered a "Tetrade" of four Brazilian banking Trojans targeting financial institutions in Brazil, Latin America, and Europe, new findings show that the criminals behind the operation have expanded their tactics to infect mobile devices with spyware. According to Kaspersky's Global Research and Analysis Team, the Brazil-based threat group Guildma has deployed "Ghimob," an Android banking Trojan targeting financial apps from banks, fintech companies, exchanges, and cryptocurrencies in Brazil, Paraguay, Peru, Portugal, Germany, Angola, and Mozambique.

The smishing campaign is concerning as it employs multiple HMRC phishing domains and tactics, with new domains added every day as older ones get flagged by spam filters. Not only do the phishing pages mimic HMRC's web interface meticulously, but they also have entire online banking workflows built into them, depending on who your banking provider is.

Brovko was tasked with sifting through the logs of these botnets for internet banking credentials vacuumed by the malware, which were subsequently used by fellow conspirators to steal millions of dollars from Americans' accounts in fraudulent transfers. "Where his computer code could not effectively parse the data, Brovko supplemented his computer-automated efforts with manual searches of the data," his indictment [PDF] noted.

The Wroba mobile banking trojan has made a major pivot, targeting people in the U.S. for the first time. Where Android users are served up the full Wroba download, according to researchers, the executable doesn't work on iPhone.

The group had three hierarchical levels: leaders, mid-level managers, and money mules. The funds were transferred through a complex series of transactions that included transfers to other bank accounts controlled by the money-laundering group and conversion to cryptocurrency.

Virus Bulletin 2020 - A loose affiliation of cybercriminals are working together to author and distribute multiple families of banking trojans in Latin America - a collaborative effort that researchers say is highly unusual. Multiple, distinct malware families have plagued Latin American banking customers for years - the variants include Amavaldo, Casbaneiro, Grandoreiro, Guildma, Krachulka, Lokorrito, Mekotio, Mispadu, Numando, Vadokrist and Zumanek, according to ESET. In examining these families over time, ESET researchers began to notice "Some similarities between multiple families in our series, such as using the same uncommon algorithm to encrypt strings or suspiciously similar DGAs to obtain C2 server addresses," according to a Thursday analysis.