Finance

Finance

Phishing emails imitate North American banks to infect recipients with TrickBot

An spam-based phishing campaign recently targeted North American banking customers with malicious Excel documents designed to infect victims with a new variant of the information-stealing TrickBot banking trojan, researchers reported earlier this week. The scam dates back to at least Jan. 27 and peaked in volume on Jan. 30, according a new blog post from…

Russians targeted in Redaman banking malware operation

An ongoing email phishing campaign designed to spread Redaman banking malware aggressively targeted Russian-speakers, especially those with .ru addresses, over the last four months of 2018. Researchers at Palo Alto Networks’ Unit 42 division reported this week in a company blog post that from September through December, its threat intelligence service detected 3,845 email sessions…

Google Play boots fake apps that spy on devices’ motion sensor data before dropping Anubis malware

A fake currency converter and a phony battery utility program are among the latest fraudulent apps to be expunged from Google Play, according to researchers who discovered they were infecting users with a version of the Anubis banking malware family. Both fraudulent apps employ a crafty technique to determine whether it is safe for them…

DanaBot banking trojan adds sly spam feature, distributes GootKit malware

The DanaBot banking trojan is branching out into new territories, adding email address harvesting and spam distribution to its bag of tricks, while apparently partnering with the actors behind GootKit, another banking malware program. In a company blog post today, researchers at ESET said they observed DanaBot’s sudden evolution while investigating a September 2018 campaign that…

StatCounter platform compromised to infect gate.io exchange with bitcoin-stealing code

A malicious actor compromised the platform of leading web analytics firm StatCounter in a supply chain attack that targeted the cryptocurrency exchange gate.io with a bitcoin-stealing script. Outside of gate.io, none of the other two million-plus websites using StatCounter’s metrics services appear to have been affected by the malicious JavaScript, even if they downloaded it. That’s because the…

In the vault

When it comes to protecting financial info, IT security professionals can never rest on their laurels, reports Jean Thilmany.