Security News

Qbot, an ever-evolving information-stealing trojan that's been around since 2008, has reappeared after a hiatus to target customers of U.S. financial institutions. Qbot harvests browsing data and financial info, including online banking details.

The increased use of mobile banking apps due to the COVID-19 pandemic is sure to be followed by an increased prevalence of mobile banking threats: fake banking apps and banking Trojans disguised as those apps, the FBI has warned. "Studies of US financial data indicate a 50 percent surge in mobile banking since the beginning of 2020. Additionally, studies indicate 36 percent of Americans plan to use mobile tools to conduct banking activities, and 20 percent plan to visit branch locations less often," the FBI pointed out.

The increase in mobile banking application usage is expected to lead to a rise in exploitation too, the Federal Bureau of Investigation warns. Over the past several years, mobile banking applications have seen wide adoption, and their use went up by 50% since the beginning of this year, an alert from the FBI's Internet Crime Complaint Center reveals.

As a result, the FBI said it expects cybercriminals to target banking customers with fake banking apps and app-based banking trojans. Phony bank apps spoof the actual apps of major banks to trick users into entering their account credentials.

Silent Night is a new sophisticated and heavily obfuscated Zloader/Zbot, ZeuS-derived banking trojan. Silent Night is a new ZeuS derivative, currently being offered under the malware-as-a-service model.

A descendant of the infamous Zeus banking trojan, dubbed Silent Night by the malware's author, has emerged on the scene, with a host of functionalities available in a spendy malware-as-a-service model. Silent Night is advertised with a host of features, according to a Thursday analysis from Malwarebytes.

The lifespan of phishing attacks in H2 2019 has grown considerably and resulted in the tremendous increase in the number of phishing websites blockages, says Group-IB's Computer Emergency Response Team. In H2 2019 CERT-GIB blocked a total of 8, 506 phishing web resources, while in H2 2018, the figure stood at 2,567.

A new type of mobile banking malware has been discovered abusing Android's accessibility features to exfiltrate sensitive data from financial applications, read user SMS messages, and hijack SMS-based two-factor authentication codes. Called "EventBot" by Cybereason researchers, the malware is capable of targeting over 200 different financial apps, including banking, money transfer services, and crypto-currency wallets such as Paypal Business, Revolut, Barclays, CapitalOne, HSBC, Santander, TransferWise, and Coinbase.

A new type of mobile banking malware has been discovered abusing Android's accessibility features to exfiltrate sensitive data from financial applications, read user SMS messages, and hijack SMS-based two-factor authentication codes. Called "EventBot" by Cybereason researchers, the malware is capable of targeting over 200 different financial apps, including banking, money transfer services, and crypto-currency wallets such as Paypal Business, Revolut, Barclays, CapitalOne, HSBC, Santander, TransferWise, and Coinbase.

These emails claim to offer help on getting government funds but instead lead recipients to a web page that tries to capture their banking credentials. A button on the site proclaims: "Get Economic Impact Payment Now." Clicking on that button triggers a dropdown menu with the names of well-known banks, such as Wells Fargo, Chase, Bank of America, and Citizens Bank.