Security News
A notorious banking trojan aimed at stealing bank account credentials and other financial information has now come back with new tricks up its sleeve to target government, military, and manufacturing sectors in the US and Europe, according to new research. In an analysis released by Check Point Research today, the latest wave of Qbot activity appears to have dovetailed with the return of Emotet - another email-based malware behind several botnet-driven spam campaigns and ransomware attacks - last month, with the new sample capable of covertly gathering all email threads from a victim's Outlook client and using them for later malspam campaigns.
Threat actors have enhanced a banking trojan that has been widely used during the COVID-19 pandemic with new functionality to help it avoid detection by potential victims and standard security protections. Attackers have implemented several new features - including a password-protected attachment, keyword obfuscation and minimalist macro code-in a recent phishing campaign using documents trojanized by the widely used banking trojan IcedID, according to a new report by Juniper Networks security researcher Paul Kimayong.
Cybersecurity researchers on Tuesday detailed as many as four different families of Brazilian banking trojans that have targeted financial institutions in Brazil, Latin America, and Europe. "Guildma, Javali, Melcoz and Grandoreiro are examples of yet another Brazilian banking group/operation that has decided to expand its attacks abroad, targeting banks in other countries," Kaspersky said in an analysis.
Cybersecurity researchers on Tuesday detailed as many as four different families of Brazilian banking trojans that have targeted financial institutions in Brazil, Latin America, and Europe. "Guildma, Javali, Melcoz and Grandoreiro are examples of yet another Brazilian banking group/operation that has decided to expand its attacks abroad, targeting banks in other countries," Kaspersky said in an analysis.
Banking trojans, which steal online banking logins and other financial credentials from unsuspecting victims, are fairly common - but the more sophisticated examples are often pioneered in Brazil. The third family, Melcoz, has been active since 2018, and is known for malware that, like other banking trojans, steals passwords from browsers and the computer's memory; but it also includes a module for stealing Bitcoin wallets.
The Brazilian cybercriminals behind four banking Trojans collectively dubbed "Tetrade" have decided to expand their business and started targeting victims internationally, Kaspersky's security researchers reveal. The four banking Trojan families - Guildma, Javali, Melcoz and Grandoreiro - have been active for years, but started emerging in attacks in North America, Europe, and Latin America only last year.
Trojans, backdoors and droppers, oh my: These are the top three malware types being analyzed by threat intelligence teams, according to statistics out on Thursday. According to anonymized statistics from requests to the Kaspersky Threat Intelligence Portal, almost three quarters of the analyzed malicious files fell into those three categories.
Almost three quarters of all requests for analysis to Kaspersky's Threat Intelligence Portal were for trojans, backdoors, and droppers. Organizations and individuals must grapple with a variety of cyberthreats and malware from phishing attacks to ransomware to viruses to trojans and more.
Qbot, an ever-evolving information-stealing trojan that's been around since 2008, has reappeared after a hiatus to target customers of U.S. financial institutions. Qbot harvests browsing data and financial info, including online banking details.
Silent Night is a new sophisticated and heavily obfuscated Zloader/Zbot, ZeuS-derived banking trojan. Silent Night is a new ZeuS derivative, currently being offered under the malware-as-a-service model.