Security News
"While our team has seen earlier versions of this trojan, which only featured a basic SMS stealer, new, and more elaborate, feature of the overlay malware capability - a tactic common to most Android banking malware." "Abusing the Accessibility service on the device, a relatively common way for Android malware apps to keep tabs on which app is running in the foreground, [Banker.BR] waits for a match with the goal of launching overlay screens at the right time and context to fool the user into tapping their credentials into the overlay," said researchers.
A case of alleged low-orbit internet banking fraud has taken another twist, with the US Attorney's Office for the Southern District of Texas filing an indictment in which it claimed the complainant in the case had lied. The case came to our attention in August 2019 when we chronicled how astronaut Lt Col Anne McClain denied a claim that she'd improperly accessed a bank account belonging to ex-wife Summer Worden while aboard the International Space Station.
The Zeus Sphinx banking trojan is back after being off the scene for nearly three years. First seen in August 2015, Sphinx is a modular malware based on the leaked source code of the infamous Zeus banking trojan, the researchers explained.
IBM and FireEye have spotted a campaign that relies on fake "COVID-19 Payment" emails to deliver the Zeus Sphinx banking trojan to people in the United States, Canada and Australia. The emails have the subject line "COVID-19 payment" and they carry malicious documents named "COVID 19 relief."
The TrickBot trojan has a new trick up its sleeve for bypassing a new kind of two-factor authentication security method used by banks - by fooling its victims into downloading a malicious Android app. Researchers first discovered the mobile app after a September 2019 tweet by CERT-Bund flagging TrickBot using man-in-the-browser techniques.
The malware authors behind the TrickBot banking Trojan have developed a new Android app that can intercept one-time authorization codes sent to Internet banking customers via SMS or relatively more secure push notifications, and complete fraudulent transactions. The name TrickMo is a direct reference to a similar kind of Android banking malware called ZitMo that was developed by the Zeus cybercriminal gang in 2011 to defeat SMS-based two-factor authentication.
British customers of High Street banking brand Natwest are being advised not to use the domain natwest.co.uk - by none other than Natwest itself. Consumers are increasingly becoming aware of threats to their online banking security through malware and malicious apps designed to steal credentials.
Cybercriminals targeted mobile banking users by sending malicious SMS messages to their smartphones as part of a phishing campaign to steal account holders' information, including usernames and passwords, according to the cybersecurity firm Lookout. More than 3,900 mobile banking app users of several Canadian and American banks fell victim to the SMS phishing attacks, which started in June 2019 and apparently recently ended, researchers at Lookout say in their new report.
The latest wave of attacks is highly personalized and, unlike previous campaigns, targets victims' mobile banking apps as an extra step to evade detection when making fraudulent transfers. "Some observations from the campaigns are that the adversary operating CamuBot handpicks potential victims and remains as targeted as possible, likely to keep the attack's TTPs on low profile and their team from attracting the attention of local law enforcement," said IBM X-Force researchers Chen Nahman and Limor Kessem, in an analysis this week.
It appears the UK banking system is playing a fiscal game of Top Trumps as both Yorkshire and Clydesdale Bank followed yesterday's example set by Lloyds by not processing payments into customer accounts. Yorkshire Bank's customer service orifice on Twitter gave up responding publicly to users just before 10am, presumably to focus on the wave of customers bombarding the bank's news emitter.