Security News
"While our team has seen earlier versions of this trojan, which only featured a basic SMS stealer, new, and more elaborate, feature of the overlay malware capability - a tactic common to most Android banking malware." "Abusing the Accessibility service on the device, a relatively common way for Android malware apps to keep tabs on which app is running in the foreground, [Banker.BR] waits for a match with the goal of launching overlay screens at the right time and context to fool the user into tapping their credentials into the overlay," said researchers.
The Zeus Sphinx banking trojan is back after being off the scene for nearly three years. First seen in August 2015, Sphinx is a modular malware based on the leaked source code of the infamous Zeus banking trojan, the researchers explained.
IBM and FireEye have spotted a campaign that relies on fake "COVID-19 Payment" emails to deliver the Zeus Sphinx banking trojan to people in the United States, Canada and Australia. The emails have the subject line "COVID-19 payment" and they carry malicious documents named "COVID 19 relief."
The TrickBot malware has added a new feature: A module called rdpScanDll, built for brute-forcing remote desktop protocol accounts. TrickBot is a malware strain that has been around since 2016, starting life as a banking trojan.
The trojans are designed to gain control of Facebook user accounts by capturing browser cookies in Android, says Kaspersky. This trojan captures root rights on an Android device, thus allowing it to steal cookies from the browser and from Facebook and transfer them to the server of the cybercriminals behind it.
Their tastes, however, can run to a different sort of cookie, as evidenced by a fresh strain of Android malware that may be implanted prior to users purchasing a device. Appropriately dubbed "Cookiethief" by the Kaspersky researchers who discovered it, the trojan has a straightforward goal: "Its main task was to acquire root rights on the victim device, and transfer cookies used by the browser and Facebook app to the cybercriminals' server," explained Kaspersky researchers Anton Kivva and Igor Golovin, in an analysis on Thursday.
The latest wave of attacks is highly personalized and, unlike previous campaigns, targets victims' mobile banking apps as an extra step to evade detection when making fraudulent transfers. "Some observations from the campaigns are that the adversary operating CamuBot handpicks potential victims and remains as targeted as possible, likely to keep the attack's TTPs on low profile and their team from attracting the attention of local law enforcement," said IBM X-Force researchers Chen Nahman and Limor Kessem, in an analysis this week.
Know where Maksim “Aqua” Yakubets is? Can you pry him out of Russia and his Lamborghinis? The biggest ever cybercrook reward awaits!
The Lazarus hacking group are trying to sneak a ‘fileless’ Trojan onto Apple computers, disguised as a fake cryptocurrency trading program.
Account-draining malware masterminds charged but remain in motherland. US prosecutors have slapped a $5m bounty on the heads of two Russian nationals they claim are part of the malware gang behind...