Heimadal Security

AUGUST 31, 2023

Department of Justice announced the disruption of an international law enforcement operation that targeted the QakBot botnet and its related malware, which has been linked to numerous cyberattacks and caused nearly $60 million in global losses for victims. Seized and 700K Computers Freed appeared first on Heimdal Security Blog.

Malware 111

Malware Banking Cybersecurity 111

SecureList

FEBRUARY 8, 2024

The developers of banking Trojan malware are constantly looking for inventive ways to distribute theirs implants and infect victims. In a recent investigation, we encountered a new malware that specifically targets users of more than 60 banking institutions, mainly from Brazil.

Banking 107

Banking Encryption Malware Technology 107

Heimadal Security

MAY 24, 2021

An important cybersecurity company has discovered that the banking trojan Bizarre is now stealing financial data and crypto wallets from 70 banks in Europe and South Africa. The banking trojan Bizarre, a malware originating from Brazil is usually dispersed through MSI downloads in spam messages.

Banking 114

Banking Malware Cybersecurity 114

Heimadal Security

JANUARY 4, 2023

Threat actors use data stolen from Columbian bank customers as lures in email phishing attacks. Cyber researchers warn that the campaign aims infecting endpoints with BitRAT remote access trojan. The post Threat Actors Use Stolen Bank Data for BitRAT Malware Campaign appeared first on Heimdal Security Blog.

Banking 117

Banking Malware Phishing Cybersecurity 117

ZoneAlarm

AUGUST 30, 2023

In an ambitious international operation, law enforcement agencies, spearheaded by the FBI, have neutralized the Qakbot malware infrastructure. This significant move not only marks a large-scale effort to actively combat malware but also underscores the intensified global threat posed by cyber-extortion campaigns, primarily ransomware.

Malware 97

Malware Banking Ransomware Cybersecurity 97

Heimadal Security

DECEMBER 22, 2022

GodFather, a new Android banking trojan, is affecting over 400 banking and crypto apps and is active in 16 countries. The malware targets mainly banking apps (215), but also crypto exchange platforms (110) and crypto wallet providers (94). Victims are spread over U.S., Details About the GodFather […].

Banking 93

Banking Malware Cybersecurity 93

Heimadal Security

AUGUST 10, 2021

It uses the same malware they wrote about in 2020, the Cinobi banking trojan that used to steal banking credentials, but they also identified a rebranded version of it. The post Cinobi Banking Trojan Back in the Game: Malvertising Campaign Targets Japan appeared first on Heimdal Security Blog.

Banking 98

Banking Malware Cybersecurity 98

Heimadal Security

OCTOBER 28, 2022

A new variant of the Drinik Android malware targets 18 Indian banks and shifts strategies by masquerading as the country’s official tax management application, in an attempt to obtain victims’ personal information and banking credentials. In September 2021, however, it gained banking trojan […].

Banking 102

Banking Malware Cybersecurity 102

Security Affairs

MAY 27, 2022

A new version of the ERMAC Android banking trojan is able to target an increased number of apps. The ERMAC Android banking trojan version 2.0 ERMAC was first spotted by researchers from Threatfabric in July 2021, it is based on the popular banking trojan Cerberus. A new #Android banker ERMAC 2.0

Banking 142

Banking Malware Cybercrime Phishing 142

Heimadal Security

FEBRUARY 22, 2022

More than 50,000 Android devices have been infected with a new banking trojan called Xenomorph, which was spread via Google Play Store in order to steal financial information. The post Xenomorph Malware Targets Android Devices to Steal Financial Info appeared first on Heimdal Security Blog.

Malware 128

Malware Banking Cybersecurity 128

Heimadal Security

APRIL 14, 2021

In the first months of the year, researchers noticed a malicious email campaign spreading weaponized Office documents that was delivering QBot trojan, and changing the payload after a short while. Qbot, also known as “Qakbot” or “Pinkslipbot,” is a banking trojan active since 2007 that’s focusing on stealing user data and banking credentials.

Malware 132

Malware Banking Phishing Ransomware 132

Heimadal Security

APRIL 12, 2022

Fakecalls, an Android banking malware, has a powerful feature that allows it to hijack calls to a bank’s customer service number and connect the target directly with the malware’s operators.

Banking 107

Banking Mobile Malware Cybersecurity 107

Heimadal Security

JANUARY 6, 2023

The number of attacks targeting banks grew after the source code for CypherRat, a new SpyNote malware version, was offered for free on hacker groups. CypherRat has both spyware and banking trojan features impersonating banking institutions. Eventually, it was leaked […]. Eventually, it was leaked […].

Spyware 97

Spyware Banking Malware Cybersecurity 97

Heimadal Security

OCTOBER 21, 2022

A new version of the Ursnif malware (a.k.a. Initially emerging as a generic backdoor, this new version has been stripped of its typical banking trojan functionality. This change might indicate that the operators of this new version might change their focus and use the malware to distribute ransomware. Gozi) has surfaced.

Banking 102

Banking Accountability Malware Ransomware 102

Heimadal Security

MARCH 2, 2022

Once more, the banking trojan dubbed TeaBot was discovered in the Google Play Store, this time disguised as a QR code app that spread to over 10,000 devices. This is a gimmick that the malware operators used in January, and despite Google’s removal of these entries, TeaBot appears to have made it into the official […].

Banking 129

Banking Malware Cybersecurity 129

Heimadal Security

FEBRUARY 8, 2022

Medusa malware was noticed to target multiple geographic regions. More Details on Medusa Malware A new report from the ThreatFabric researchers came out revealing insights into the latest methods employed by this banking Trojan. Medusa malware, also known as TangleBot, has been leveraged in North America and […].

Phishing 132

Phishing Malware Banking Cybersecurity 132

Heimadal Security

JULY 5, 2021

TrickBot Trojan, initially known as a banking trojan, but resuming its activity to distributing malware lately, is now improving the features of its old banking module to share its malicious contribution to the financial cybercrime market again.

Banking 82

Banking Cybercrime Marketing Malware 82

Heimadal Security

NOVEMBER 4, 2021

Mekotio is a banking trojan that mostly targets victims in Brazil, Chile, Mexico, Spain, Peru, and Portugal. The use of a SQL database as a C&C server is the most striking characteristic of the latest forms of this malware family. Mekotio is a banking malware that has been around since at least 2015.

Banking 102

Banking Malware Cybersecurity 102

Heimadal Security

JANUARY 21, 2022

TrickBot is a distant descendent of the ZeuS banking Trojan, which first appeared in 2005, although it is most commonly associated with Dyre or Dyreza, which went down in 2015. TrickBot appeared in 2016, replicating parts of Dyre’s malware while preserving its banking credential harvesting and web inject architecture.

Ransomware 119

Ransomware Banking Architecture Malware 119

Heimadal Security

JULY 15, 2021

When it comes to banking malware and all the variants of credentials-stealing Trojans, we agree that there are simply too many out there that you need to pay attention to, so we organized a list of the most dangerous. What you’ll find below is a short presentation for some of the most advanced banking Trojans […].

Banking 105

Banking Accountability Malware 105

Heimadal Security

JANUARY 10, 2023

A malicious IcedID malware campaign was identified recently. According to researchers, threat actors are actively spreading malware using modified versions of the Zoom application that have been trojanized. Most malware is […].

Banking 98

Banking Malware Cybersecurity 98

Krebs on Security

FEBRUARY 28, 2024

But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems. It didn’t dawn on Doug until days later that the missed meeting with Mr. Lee might have been a malware attack.

Malware 269

Malware Cryptocurrency Software Scams 269

Heimadal Security

MAY 18, 2021

In a spear-phishing campaign, Truist Financial Corporation has been impersonated by cybercriminals trying to spread malware that seemed to look like remote access trojan (RAT), a program used by hackers to take complete control of the victim’s computer to perform malicious activities. Truist Financial Corp.

Banking 137

Banking Phishing Malware Cybersecurity 137

Heimadal Security

APRIL 11, 2022

Octo, a recently discovered Android banking trojan with remote access capabilities that allows cybercriminals to commit on-device fraud, has been observed in the wild. The post Octo Android Malware Can Take Over Your Device appeared first on Heimdal Security Blog.

Malware 114

Malware Banking Marketing Cybersecurity 114

Security Affairs

JUNE 18, 2022

Malibot is a new Android malware targeting online banking and cryptocurrency wallet customers in Spain and Italy. F5 Labs researchers spotted a new strain of Android malware, named Malibot, that is targeting online banking and cryptocurrency wallet customers in Spain and Italy. ” concludes the report.

Banking 117

Banking Cryptocurrency Malware Mobile 117

Security Affairs

APRIL 13, 2022

Microsoft dismantled the C2 infrastructure used by the ZLoader trojan with the help of telecommunications providers around the world and cybersecurity firms. ” Zloader is a banking malware that has been active at least since 2016, it borrows some functions from the notorious Zeus 2.0.8.9 Zeus OpenSSL).

Banking 116

Banking Malware Telecommunications Antivirus 116

Heimadal Security

MARCH 29, 2022

A new email phishing operation has been noticed employing the conversation hijacking strategy to distribute the IcedID banking trojan-type malware onto compromised computers via unpatched and publicly-exposed Microsoft Exchange servers.

Social Engineering 125

Social Engineering Malware Banking Engineering 125

Security Boulevard

DECEMBER 30, 2021

Picus Labs has updated the Picus Threat Library with new attack methods for Krachulka, Lokorrito, Zumanek Trojans that are targeting banks in Brazil, Mexico, and Spain. In this blog, techniques used by these malware families will be explored. Lokkorito and Zumanek act like a classic Remote Access Trojan (RAT).

Banking 111

Banking Malware Spyware Phishing 111

Heimadal Security

DECEMBER 16, 2021

Emotet belongs to the malware strain known as banking Trojans, and it primarily spreads through malspam. The post Cobalt Strike Is Being Installed by Emotet for Faster Attacks appeared first on Heimdal Security Blog. What Is Happening? Historically, after infecting […].

Banking 133

Banking Malware Cybersecurity 133

Heimadal Security

DECEMBER 21, 2021

The Dridex malware is a banking trojan that was originally designed to steal victims’ online banking credentials but has since evolved into a loader that downloads various modules that can be used to perform various malicious actions, such as installing additional payloads, spreading to other devices, taking screenshots, and more.

Malware 98

Malware Banking Cybersecurity 98

Security Affairs

SEPTEMBER 12, 2021

A new banking trojan dubbed maxtrilha (due to its encryption key) has been discovered in the last few days and targeting customers of European and South American banks. The new maxtrilha trojan is being disseminated and targeting several banks around the world. Key findings.

Banking 125

Banking Malware Internet Internet 125

Heimadal Security

NOVEMBER 24, 2022

Affiliates of Black Basta gang are notorious for employing the banking trojan known as QakBot for initial access and almost immediately deploy ransomware in IT systems belonging to worldwide organizations. Companies via Qakbot Malware appeared first on Heimdal Security Blog. However, researchers concluded that U.S.

Ransomware 91

Ransomware Malware Banking Cybersecurity 91

Heimadal Security

DECEMBER 14, 2021

According to security researchers, the TinyNuke banking malware (also known as Nukebot) has resurfaced in a new operation exclusively targeting French users and organizations with invoice-themed email lures. TinyNuke is a trojan-type application that gathers login information. When users visit banking […].

Malware 91

Malware Banking Manufacturing Business Services 91

Heimadal Security

OCTOBER 24, 2022

An ongoing campaign tricks users to download several Windows and Android malware from typosquatting domains. The massive malicious campaign is using over two hundred fake websites that mimic twenty-seven well-known brands to spread information-stealing malware, banking trojans, keylogger, and others.

Banking 90

Banking Malware Cybersecurity 90

Security Affairs

APRIL 9, 2022

Experts discovered malicious Android apps on the Google Play Store masqueraded as antivirus solutions spreading the SharkBot Trojan. Sharkbot is an information stealer steals used by crooks to siphon credentials and banking information. The banking Trojan uses Domain Generation Algorithm (DGA), which is rarely used by Android malware.

Banking 89

Banking Antivirus Malware Accountability 89

Heimadal Security

NOVEMBER 16, 2021

Emotet is a kind of malware known as banking Trojans. Malspam, or spam emails carrying malware, is the most common way for it to propagate (hence the term). The post Emotet Malware Appears to Be Back in Business appeared first on Heimdal Security Blog. In the past, the […].

Malware 98

Malware Banking Cybersecurity 98

Heimadal Security

APRIL 29, 2022

JPCERT/CC, Japan’s first CSIRT (Computer Security Incident Response Team), has released a new version of their open-source tool EmoCheck to identify new 64-bit variants of the Emotet malware, which started infecting users earlier this month. Emotet belongs to the malware strain known as banking Trojans.

Malware 89

Malware Banking Cybersecurity 89