Security News

Zanubis Android Banking Trojan Poses as Peruvian Government App to Target Users
2023-10-02 05:02

An emerging Android banking trojan called Zanubis is now masquerading as a Peruvian government app to trick unsuspecting users into installing the malware. "Zanubis's main infection path is...

Xenomorph Banking Trojan: A New Variant Targeting 35+ U.S. Financial Institutions
2023-09-26 11:49

An updated version of an Android banking trojan called Xenomorph has set its sights on more than 35 financial institutions in the U.S. The campaign, according to Dutch security firm ThreatFabric,...

New Variant of Banking Trojan BBTok Targets Over 40 Latin American Banks
2023-09-22 14:48

An active malware campaign targeting Latin America is dispensing a new variant of a banking trojan called BBTok, particularly users in Brazil and Mexico. "The BBTok banker has a dedicated...

Hook: New Android Banking Trojan That Expands on ERMAC's Legacy
2023-09-18 12:11

A new analysis of the Android banking trojan known as Hook has revealed that it's based on its predecessor called ERMAC. "The ERMAC source code was used as a base for Hook," NCC Group security researchers Joshua Kamp and Alberto Segura said in a technical analysis published last week. Regardless of these differences, both Hook and ERMAC can log keystrokes and abuse Android's accessibility services to conduct overlay attacks in order to display content on top of other apps and steal credentials from over 700 apps.

New SuperBear Trojan Emerges in Targeted Phishing Attack on South Korean Activists
2023-09-01 09:11

A new phishing attack likely targeting civil society groups in South Korea has led to the discovery of a novel remote access trojan called SuperBear. The intrusion singled out an unnamed activist, who was contacted in late August 2023 and received a malicious LNK file from an address impersonating a member of the organization, non-profit entity Interlabs said in a new report.

MMRat Android Trojan Executes Remote Financial Fraud Through Accessibility Feature
2023-08-30 15:12

A previously undocumented Android banking trojan dubbed MMRat has been observed targeting mobile users in Southeast Asia since late June 2023 to remotely commandeer the devices and perform financial fraud. "The malware, named after its distinctive package name com.mm.user, can capture user input and screen content, and can also remotely control victim devices through various techniques, enabling its operators to carry out bank fraud on the victim's device," Trend Micro said.

QwixxRAT: New Remote Access Trojan Emerges via Telegram and Discord
2023-08-14 15:54

A new remote access trojan called QwixxRAT is being advertised for sale by its threat actor through Telegram and Discord platforms. "Once installed on the victim's Windows platform machines, the RAT stealthily collects sensitive data, which is then sent to the attacker's Telegram bot, providing them with unauthorized access to the victim's sensitive information," Uptycs said in a new report published today.

Attackers can turn AWS SSM agents into remote access trojans
2023-08-02 12:59

Mitiga researchers have documented a new post-exploitation technique attackers can use to gain persistent remote access to AWS Elastic Compute Cloud (EC2) instances (virtual servers), as well as...

Researchers Uncover AWS SSM Agent Misuse as a Covert Remote Access Trojan
2023-08-02 11:50

Cybersecurity researchers have discovered a new post-exploitation technique in Amazon Web Services that allows the AWS Systems Manager Agent to be run as a remote access trojan on Windows and Linux environments. "The SSM agent, a legitimate tool used by admins to manage their instances, can be re-purposed by an attacker who has achieved high privilege access on an endpoint with SSM agent installed, to carry out malicious activities on an ongoing basis," Mitiga researchers Ariel Szarf and Or Aspir said in a report shared with The Hacker News.

European Bank Customers Targeted in SpyNote Android Trojan Campaign
2023-08-01 11:11

Various European customers of different banks are being targeted by an Android banking trojan called SpyNote as part of an aggressive campaign detected in June and July 2023. What makes the malware strain notable is its dual functions as spyware and perform bank fraud.