Security News

An advanced persistent threat actor has been tracked in a new campaign deploying Android malware via the Syrian e-Government Web Portal, indicating an upgraded arsenal designed to compromise victims. "To the best of our knowledge, this is the first time that the group has been publicly observed using malicious Android applications as part of its attacks," Trend Micro researchers Zhengyu Dong, Fyodor Yarochkin, and Steven Du said in a technical write-up published Wednesday.

Spanish law enforcement agencies on Wednesday arrested 16 individuals belonging to a criminal network in connection with operating two banking trojans as part of a social engineering campaign targeting financial institutions in Europe. As part of an effort to lend credibility to their phishing attacks, the operators worked by sending emails under the guise of legitimate package delivery services and government entities such as the Treasury, urging the recipients to click on a link that stealthily downloaded malicious software onto the systems.

The TrickBot trojan is adding man-in-the-browser capabilities for stealing online banking credentials that resemble Zeus, the early banking trojan, researchers said - potentially signaling a coming onslaught of fraud attacks. According to researchers at Kryptos Logic Threat Intelligence, this functionality is carried out by TrickBot's webinject module.

Researchers have seen a new variant of the IcedID banking trojan sliding in via two new spam campaigns. ZIP files full of the malware - or links to such ZIP files - the new twist on the old banking trojan is a tweaked downloader, which the threat actors moved from the initial x86 version to the latest: an x86-64 version.

Dubbed ChaChi by researchers at BlackBerry, the RAT has recently shifted its focus from government agencies to schools in the US. A Remote Access Trojan is targeting schools and universities with ransomware attacks. Specifically, ChaChi has been discovered in data breaches of K-12 schools and higher education facilities in the U.S. as well as the U.K. SEE: Special report: A winning strategy for cybersecurity.

Bizarro is a new banking trojan that is stealing financial information and crypto wallets. The program can be delivered in a couple of ways­ - either via malicious links contained within spam emails, or through a trojanized app.

A never-before-documented Brazilian banking trojan, dubbed Bizarro, is targeting customers of 70 banks scattered throughout Europe and South America, researchers said. Once installed, it kills all running browser processes to terminate any existing sessions with online banking websites - so, when a user initiates a mobile banking session, they have to sign back in, allowing the malware to harvest the details.

Researchers have discovered an Android trojan that can steal victims' SMS messages and credentials and completely take over devices. Once installed on a victim's device, attackers can use the trojan to obtain a live streaming of the device screen on demand and also interact with it via Accessibility Services, according to a report posted online by online fraud-management firm Cleafy about the trojan, which is also tracked by the name "Anatsa."

Cybersecurity researchers on Monday disclosed a new Android trojan that hijacks users' credentials and SMS messages to facilitate fraudulent activities against banks in Spain, Germany, Italy, Belgium, and the Netherlands. Called "TeaBot", the malware is said to be in its early stages of development, with malicious attacks targeting financial apps commencing in late March 2021, followed by a rash of infections in the first week of May against Belgium and Netherlands banks.

Ten variants of the Joker Android Trojan managed to slip into the Huawei AppGallery app store and were downloaded by more than 538,000 users, according to new data from Russian anti-malware vendor Doctor Web. Also known as Bread, the Joker Trojan was first observed in 2017 when it was originally focused on SMS fraud.