Security News

A new remote access trojan called MoonPeak has been discovered as being used by a state-sponsored North Korean threat activity cluster as part of a new campaign. Cisco Talos attributed the...

Cybersecurity researchers have lifted the lid on a new technique adopted by threat actors behind the Chameleon Android banking trojan targeting users in Canada by masquerading as a Customer Relationship Management app. The campaign, spotted in July 2024, targeted customers in Canada and Europe, indicating an expansion of its victimology footprint from Australia, Italy, Poland, and the U.K. The use of CRM-related themes for the malicious dropper apps containing the malware points to the targets being customers in the hospitality sector and Business-to-Consumer employees.

Cybersecurity researchers have discovered a new Android banking trojan called BlankBot targeting Turkish users with an aim to steal financial information. Discovered on July 24, 2024, BlankBot is said to be undergoing active development, with the malware abusing Android's accessibility services permissions to obtain full control over the infected devices.

Cybersecurity researchers have uncovered a new Android remote access trojan called BingoMod that not only performs fraudulent money transfers from the compromised devices but also wipes them in an attempt to erase traces of the malware. "BingoMod belongs to the modern RAT generation of mobile malware, as its remote access capabilities allow threat actors to conduct Account Takeover directly from the infected device, thus exploiting the on-device fraud technique," researchers Alessandro Strino and Simone Mattia said.

The remote access trojan known as Gh0st RAT has been observed being delivered by an "Evasive dropper" called Gh0stGambit as part of a drive-by download scheme targeting Chinese-speaking Windows users. These infections stem from a fake website serving malicious installer packages masquerading as Google's Chrome browser, indicating that users searching for the software on the web are being singled out.

Financial institutions in Latin America are being threatened by a banking trojan called Mekotio. Mekotio, known to be actively put to use since 2015, is known to target Latin American countries like Brazil, Chile, Mexico, Spain, Peru, and Portugal with an aim to steal banking credentials.

Cybersecurity researchers have discovered an updated version of an Android banking trojan called Medusa that has been used to target users in Canada, France, Italy, Spain, Turkey, the U.K., and...

A previously undocumented threat actor dubbed Boolka has been observed compromising websites with malicious scripts to deliver a modular trojan codenamed BMANAGER. "The threat actor behind this...

Pakistan has become the latest target of a threat actor called the Smishing Triad, marking the first expansion of its footprint beyond the E.U., Saudi Arabia, the U.A.E., and the U.S. "The group's...

Russian organizations are at the receiving end of cyber attacks that have been found to deliver a Windows version of a malware called Decoy Dog. Cybersecurity company Positive Technologies is...