Security News

A threat group tracked as Stantinko was observed using a new version of a Linux proxy Trojan that poses as Apache servers to remain undetected. Previously, the Stantinko group was mainly known for the targeting of Windows systems, but recent attacks show that they are also focusing on evolving their Linux malware, with a new proxy Trojan that masquerades as httpd, the Apache Hypertext Transfer Protocol Server found on many Linux servers.

Ever since its discovery in 2014-when Emotet was a standard credential stealer and banking Trojan, the malware has evolved into a modular, polymorphic platform for distributing other kinds of computer viruses. Emotet is the most uploaded malware throughout the past few years.

A new banking trojan has been discovered targeting Android users, with the capabilities to spy on 153 mobile apps from various banks, cryptocurrencies and exchanges. Kaspersky telemetry shows that all victims of the Ghimob mobile banking trojan are currently located in Brazil at the moment.

Four months after security researchers uncovered a "Tetrade" of four Brazilian banking Trojans targeting financial institutions in Brazil, Latin America, and Europe, new findings show that the criminals behind the operation have expanded their tactics to infect mobile devices with spyware. According to Kaspersky's Global Research and Analysis Team, the Brazil-based threat group Guildma has deployed "Ghimob," an Android banking Trojan targeting financial apps from banks, fintech companies, exchanges, and cryptocurrencies in Brazil, Paraguay, Peru, Portugal, Germany, Angola, and Mozambique.

A trojan targeting Linux and deployed by a known ransomware gang has been discovered by Russian antivirus firm Kaspersky. The trojan was, so the two said, similar to the existing RansomEXX trojan, which they said had been deployed only last week against Brazil's courts, as well as targets in the US and elsewhere.

The Wroba mobile banking trojan has made a major pivot, targeting people in the U.S. for the first time. Where Android users are served up the full Wroba download, according to researchers, the executable doesn't work on iPhone.

The group had three hierarchical levels: leaders, mid-level managers, and money mules. The funds were transferred through a complex series of transactions that included transfers to other bank accounts controlled by the money-laundering group and conversion to cryptocurrency.

The U.S. Cybersecurity and Infrastructure Security Agency warns of an increase in attacks targeting state and local governments with the Emotet Trojan. Active for over a decade, Emotet is a Trojan mainly used to drop additional malware onto compromised systems.

Virus Bulletin 2020 - A loose affiliation of cybercriminals are working together to author and distribute multiple families of banking trojans in Latin America - a collaborative effort that researchers say is highly unusual. Multiple, distinct malware families have plagued Latin American banking customers for years - the variants include Amavaldo, Casbaneiro, Grandoreiro, Guildma, Krachulka, Lokorrito, Mekotio, Mispadu, Numando, Vadokrist and Zumanek, according to ESET. In examining these families over time, ESET researchers began to notice "Some similarities between multiple families in our series, such as using the same uncommon algorithm to encrypt strings or suspiciously similar DGAs to obtain C2 server addresses," according to a Thursday analysis.

More variants of the Joker Android malware are cropping up in Google Play as well as third-party app stores, in a trend that researchers say points to a relentless targeting of the Android mobile platform. The Joker apps advertise themselves as legitimate apps.