Security News

CISA Warns of Emotet Trojan Targeting State, Local Governments
2020-10-07 12:22

The U.S. Cybersecurity and Infrastructure Security Agency warns of an increase in attacks targeting state and local governments with the Emotet Trojan. Active for over a decade, Emotet is a Trojan mainly used to drop additional malware onto compromised systems.

LatAm Banking Trojans Collaborate in Never-Before-Seen Effort
2020-10-02 16:43

Virus Bulletin 2020 - A loose affiliation of cybercriminals is working together to author and distribute multiple families of banking trojans in Latin America - a collaborative effort that researchers say is highly unusual. Multiple, distinct malware families have plagued Latin American banking customers for years - the variants include Amavaldo, Casbaneiro, Grandoreiro, Guildma, Krachulka, Lokorrito, Mekotio, Mispadu, Numando, Vadokrist and Zumanek, according to ESET. In examining these families over time, ESET researchers began to notice "some similarities between multiple families in our series, such as using the same uncommon algorithm to encrypt strings or suspiciously similar DGAs to obtain C2 server addresses," according to a Thursday analysis.

Joker Trojans Flood the Android Ecosystem
2020-09-28 15:21

More variants of the Joker Android malware are cropping up in Google Play as well as third-party app stores, in a trend that researchers say points to a relentless targeting of the Android mobile platform. The Joker apps advertise themselves as legitimate apps.

Alien Android Banking Trojan Sidesteps 2FA
2020-09-24 15:46

A newly uncovered banking trojan called Alien is invading Android devices worldwide, using an advanced ability to bypass two-factor authentication security measures to steal victim credentials. Researchers believe Alien is a "fork" of the infamous Cerberus banking malware, which has undergone a steady demise in use over the past year.

Zeppelin Ransomware Returns with New Trojan on Board
2020-09-09 20:40

The Zeppelin ransomware has sailed back into relevance, after a hiatus of several months. These, like an initial Zeppelin wave observed in late 2019, start with phishing emails with Microsoft Word attachments that have malicious macros on board.

Japan, France, New Zealand Warn of Sudden Uptick in Emotet Trojan Attacks
2020-09-08 05:31

Cybersecurity agencies across Asia and Europe have issued multiple security alerts regarding the resurgence of email-based Emotet malware attacks targeting businesses in France, Japan, and New Zealand. "The emails contain malicious attachments or links that the receiver is encouraged to download," New Zealand's Computer Emergency Response Team said.

New Python-based trojan targets financial tech firms to steal sensitive data
2020-09-04 15:41

Dubbed PyVil, the new remote access trojan goes after passwords, documents, browser cookies, and email credentials, says Cybereason. A new remote access trojan is aiming at financial technology companies in the UK and European Union to capture sensitive information through keylogging and screen captures.

Qbot trojan hijacking email threads to carry out phishing campaigns
2020-08-27 14:12

The latest variant of this trojan extracts email threads from Outlook, which it uses for phishing attacks, says Check Point Research. A new phishing campaign analyzed by threat intelligence provider Check Point reveals how the old Qbot trojan has been repurposed to phish people by capturing their email threads.

Revamped Qbot Trojan Packs New Punch: Hijacks Email Threads
2020-08-27 11:14

One new Qbot feature hijacks a victim's Outlook-based email thread and uses it to infect other PCs. The 12-year-old malware resurfaced in January 2020, according to F5 researchers, who issued a report in June detailing new Qbot evasive features to avoid detection. Most of the victims of the new Qbot campaigns have been in the United States, where 29 percent of Qbot attacks have been detected, followed by India, Israel and Italy, according to Check Point.

QakBot Banking Trojan Returned With New Sneaky Tricks to Steal Your Money
2020-08-27 09:59

A notorious banking trojan aimed at stealing bank account credentials and other financial information has now come back with new tricks up its sleeve to target government, military, and manufacturing sectors in the US and Europe, according to new research. In an analysis released by Check Point Research today, the latest wave of Qbot activity appears to have dovetailed with the return of Emotet - another email-based malware behind several botnet-driven spam campaigns and ransomware attacks - last month, with the new sample capable of covertly gathering all email threads from a victim's Outlook client and using them for later malspam campaigns.