Security News

Cybersecurity researchers today uncovered a new strain of banking malware that targets not only banking apps but also steals data and credentials from social networking, dating, and cryptocurrency apps-a total of 337 non-financial Android applications on its target list. Dubbed "BlackRock" by ThreatFabric researchers, which discovered the trojan in May, its source code is derived from a leaked version of Xerxes banking malware, which itself is a strain of the LokiBot Android banking trojan that was first observed during 2016-2017.

Banking trojans, which steal online banking logins and other financial credentials from unsuspecting victims, are fairly common - but the more sophisticated examples are often pioneered in Brazil. The third family, Melcoz, has been active since 2018, and is known for malware that, like other banking trojans, steals passwords from browsers and the computer's memory; but it also includes a module for stealing Bitcoin wallets.

The Brazilian cybercriminals behind four banking Trojans collectively dubbed "Tetrade" have decided to expand their business and started targeting victims internationally, Kaspersky's security researchers reveal. The four banking Trojan families - Guildma, Javali, Melcoz and Grandoreiro - have been active for years, but started emerging in attacks in North America, Europe, and Latin America only last year.

A study of banking apps for iOS and Android found poor source code protection, cleartext storage of sensitive data, and other serious flaws that make it easy for attackers to break into accounts. A study of banking apps for iOS and Android has led researchers to conclude that "None of the tested mobile banking applications has an acceptable level of security."

No financial firm is ever safe, especially as cybercriminals become more determined and sophisticated in their attack methods. Cybercriminals often work to exploit fear and uncertainty during major world events by launching cyber attacks, and the pandemic is no exception.

Qbot, an ever-evolving information-stealing trojan that's been around since 2008, has reappeared after a hiatus to target customers of U.S. financial institutions. Qbot harvests browsing data and financial info, including online banking details.

The increased use of mobile banking apps due to the COVID-19 pandemic is sure to be followed by an increased prevalence of mobile banking threats: fake banking apps and banking Trojans disguised as those apps, the FBI has warned. "Studies of US financial data indicate a 50 percent surge in mobile banking since the beginning of 2020. Additionally, studies indicate 36 percent of Americans plan to use mobile tools to conduct banking activities, and 20 percent plan to visit branch locations less often," the FBI pointed out.

The increase in mobile banking application usage is expected to lead to a rise in exploitation too, the Federal Bureau of Investigation warns. Over the past several years, mobile banking applications have seen wide adoption, and their use went up by 50% since the beginning of this year, an alert from the FBI's Internet Crime Complaint Center reveals.

As a result, the FBI said it expects cybercriminals to target banking customers with fake banking apps and app-based banking trojans. Phony bank apps spoof the actual apps of major banks to trick users into entering their account credentials.

Silent Night is a new sophisticated and heavily obfuscated Zloader/Zbot, ZeuS-derived banking trojan. Silent Night is a new ZeuS derivative, currently being offered under the malware-as-a-service model.