Security News

A new dark web marketplace called STYX launched earlier this year and appears to be on its way to becoming a thriving hub for buying and selling illegal services or stolen data. However analysts at threat intelligence company Resecurity noticed mentions of STYX on the dark web since early 2022, when the founders were still building the escrow module.

Nexus malware is an Android banking trojan promoted via a malware-as-a-service model. In an underground cybercrime forum ad, the malware project is described as "Very new" and "Under continuous development." More messages from the Nexus author in one forum thread indicate the malware code has been created from scratch.

Australian loan giant Latitude Financial Services is warning customers that its data breach is much more significant than initially stated, taking the number of affected individuals from 328,000 to 14 million. Australian loan giant Latitude Financial Services has released an updated data breach notification warning customers that the breach is much more significant than initially stated, taking the number of affected individuals from 328,000 to 14 million.

An emerging Android banking trojan dubbed Nexus has already been adopted by several threat actors to target 450 financial applications and conduct fraud. "Nexus provides all the main features to perform ATO attacks against banking portals and cryptocurrency services, such as credentials stealing and SMS interception."

An Android voice phishing malware campaign known as FakeCalls has reared its head once again to target South Korean users under the guise of over 20 popular financial apps. FakeCalls was previously documented by Kaspersky in April 2022, describing the malware's capabilities to imitate phone conversations with a bank customer support agent.

Keeping up with financial fraud is incredibly difficult because accurate fraud detection requires a deep, real-time analysis of all the events surrounding a transaction. Teams need to have a portfolio of techniques to call upon, a centralized structure for identifying and combatting threats, and an agile approach to fight cyber-attacks and financial fraud.

The North Korea-linked Lazarus Group has been observed weaponizing flaws in an undisclosed software to breach a financial business entity in South Korea twice within a span of a year. While the first attack in May 2022 entailed the use of a vulnerable version of a certificate software that's widely used by public institutions and universities, the re-infiltration in October 2022 involved the exploitation of a zero-day in the same program.

The participants were asked about attacks targeting the financial and accounting data of their organizations. Looking ahead, almost half of the executives polled expect both the volume and size of cyberattacks targeting this type of data to increase in the coming year.

A new Android banking trojan has set its eyes on Brazilian financial institutions to commit fraud by leveraging the PIX payments platform. "PixPirate belongs to the newest generation of Android banking trojan, as it can perform ATS, enabling attackers to automate the insertion of a malicious money transfer over the Instant Payment platform Pix, adopted by multiple Brazilian banks," researchers Francesco Iubatti and Alessandro Strino said.

A cybercrime group dubbed Bluebottle has been linked to a set of targeted attacks against the financial sector in Francophone countries located in Africa from at least July 2022 to September 2022. "The group makes extensive use of living-off-the-land, dual use tools, and commodity malware, with no custom malware deployed in this campaign," Symantec, a division of Broadcom Software, said in a report shared with The Hacker News.