Attackers are spreading a trojan by leveraging a Windows application that lets users type complex characters and symbols, such as a foreign language letters. The trojan cloaks itself as a Windows Input Method Editor (IME) file, researchers at Websense said in a Monday blog post. Once installed, it disables anti-virus (AV) processes that may be running on the target machine, in addition to deleting any AV executable files that have been installed. — DK
BleepingComputer reports that several U.S. financial institutions and numerous cryptocurrency apps are having their users mostly targeted by an expanded Xenomorph malware campaign leveraging an updated version of the Android banking trojan that also set sights on users in Canada, Italy, Spain, Belgium, and Portugal.