Security News

Zanubis Android Banking Trojan Poses as Peruvian Government App to Target Users
2023-10-02 05:02

An emerging Android banking trojan called Zanubis is now masquerading as a Peruvian government app to trick unsuspecting users into installing the malware. "Zanubis's main infection path is...

Xenomorph Banking Trojan: A New Variant Targeting 35+ U.S. Financial Institutions
2023-09-26 11:49

An updated version of an Android banking trojan called Xenomorph has set its sights on more than 35 financial institutions in the U.S. The campaign, according to Dutch security firm ThreatFabric,...

New Variant of Banking Trojan BBTok Targets Over 40 Latin American Banks
2023-09-22 14:48

An active malware campaign targeting Latin America is dispensing a new variant of a banking trojan called BBTok, particularly users in Brazil and Mexico. "The BBTok banker has a dedicated...

Hook: New Android Banking Trojan That Expands on ERMAC's Legacy
2023-09-18 12:11

A new analysis of the Android banking trojan known as Hook has revealed that it's based on its predecessor called ERMAC. "The ERMAC source code was used as a base for Hook," NCC Group security researchers Joshua Kamp and Alberto Segura said in a technical analysis published last week. Regardless of these differences, both Hook and ERMAC can log keystrokes and abuse Android's accessibility services to conduct overlay attacks in order to display content on top of other apps and steal credentials from over 700 apps.

New Python Variant of Chaes Malware Targets Banking and Logistics Industries
2023-09-05 12:19

Banking and logistics industries are under the onslaught of a reworked variant of a malware called Chaes. A subsequent analysis from Avast in early 2022 found that the threat actors behind the operation, who call themselves Lucifer, had breached more than 800 WordPress websites to deliver Chaes to users of Banco do Brasil, Loja Integrada, Mercado Bitcoin, Mercado Livre, and Mercado Pago.

Gigabud RAT Android Banking Malware Targets Institutions Across Countries
2023-08-15 10:15

Gigabud RAT was first documented by Cyble in January 2023 after it was spotted impersonating bank and government apps to siphon sensitive data. While Android devices have the "Install from Unknown Sources" setting disabled by default as a security measure to prevent the installation of apps from untrusted sources, the operating system allows other apps on installed on the device, such as web browsers, email clients, file managers, and messaging apps, to request the "REQUEST INSTALL PACKAGES" permission.

Cybercriminals Renting WikiLoader to Target Italian Organizations with Banking Trojan
2023-08-01 04:20

Organizations in Italy are the target of a new phishing campaign that leverages a new strain of malware called WikiLoader with an ultimate aim to install a banking trojan, stealer, and spyware...

Casbaneiro Banking Malware Goes Under the Radar with UAC Bypass Technique
2023-07-25 12:10

The financially motivated threat actors behind the Casbaneiro banking malware family have been observed making use of a User Account Control bypass technique to gain full administrative privileges on a machine, a sign that the threat actor is evolving their tactics to avoid detection and execute malicious code on compromised assets. Casbaneiro, also known as Metamorfo and Ponteiro, is best known for its banking trojan, which first emerged in mass email spam campaigns targeting the Latin American financial sector in 2018.

Banking Sector Targeted in Open-Source Software Supply Chain Attacks
2023-07-24 07:24

Cybersecurity researchers said they have discovered what they say is the first open-source software supply chain attacks specifically targeting the banking sector. "These attacks showcased advanced techniques, including targeting specific components in web assets of the victim bank by attaching malicious functionalities to it," Checkmarx said in a report published last week.

New TOITOIN Banking Trojan Targeting Latin American Businesses
2023-07-10 12:22

Businesses operating in the Latin American region are the target of a new Windows-based banking trojan called TOITOIN since May 2023. "This sophisticated campaign employs a trojan that follows a multi-staged infection chain, utilizing specially crafted modules throughout each stage," Zscaler researchers Niraj Shivtarkar and Preet Kamal said in a report published last week.