Security News

Cybersecurity researchers on Tuesday detailed as many as four different families of Brazilian banking trojans that have targeted financial institutions in Brazil, Latin America, and Europe. "Guildma, Javali, Melcoz and Grandoreiro are examples of yet another Brazilian banking group/operation that has decided to expand its attacks abroad, targeting banks in other countries," Kaspersky said in an analysis.

Banking trojans, which steal online banking logins and other financial credentials from unsuspecting victims, are fairly common - but the more sophisticated examples are often pioneered in Brazil. The third family, Melcoz, has been active since 2018, and is known for malware that, like other banking trojans, steals passwords from browsers and the computer's memory; but it also includes a module for stealing Bitcoin wallets.

The Brazilian cybercriminals behind four banking Trojans collectively dubbed "Tetrade" have decided to expand their business and started targeting victims internationally, Kaspersky's security researchers reveal. The four banking Trojan families - Guildma, Javali, Melcoz and Grandoreiro - have been active for years, but started emerging in attacks in North America, Europe, and Latin America only last year.

Trojans, backdoors and droppers, oh my: These are the top three malware types being analyzed by threat intelligence teams, according to statistics out on Thursday. According to anonymized statistics from requests to the Kaspersky Threat Intelligence Portal, almost three quarters of the analyzed malicious files fell into those three categories.

Almost three quarters of all requests for analysis to Kaspersky's Threat Intelligence Portal were for trojans, backdoors, and droppers. Organizations and individuals must grapple with a variety of cyberthreats and malware from phishing attacks to ransomware to viruses to trojans and more.

Qbot, an ever-evolving information-stealing trojan that's been around since 2008, has reappeared after a hiatus to target customers of U.S. financial institutions. Qbot harvests browsing data and financial info, including online banking details.

Silent Night is a new sophisticated and heavily obfuscated Zloader/Zbot, ZeuS-derived banking trojan. Silent Night is a new ZeuS derivative, currently being offered under the malware-as-a-service model.

A descendant of the infamous Zeus banking trojan, dubbed Silent Night by the malware's author, has emerged on the scene, with a host of functionalities available in a spendy malware-as-a-service model. Silent Night is advertised with a host of features, according to a Thursday analysis from Malwarebytes.

ProLock is relatively new, but already the ransomware is making waves by using QakBot infections to access networks, gain persistence and avoid detection. A relatively new ransomware, ProLock, has paired up with the QakBot banking trojan to access victims' networks.

A fresh malware trojan has emerged, built from the same code base as the stealthy COMPFun remote access trojan. The malware is using spoofed visa applications to hit diplomatic targets in Europe and may be the work of the Turla APT. According to researchers at Kaspersky, the fake visa application harbors code that acts as a first-stage dropper.