Google Play boots fake apps that spy on devices’ motion sensor data before dropping Anubis malware

A fake currency converter and a phony battery utility program are among the latest fraudulent apps to be expunged from Google Play, according to researchers who discovered they were infecting users with a version of the Anubis banking malware family. Both fraudulent apps employ a crafty technique to determine whether it is safe for them…

DanaBot banking trojan adds sly spam feature, distributes GootKit malware

The DanaBot banking trojan is branching out into new territories, adding email address harvesting and spam distribution to its bag of tricks, while apparently partnering with the actors behind GootKit, another banking malware program. In a company blog post today, researchers at ESET said they observed DanaBot’s sudden evolution while investigating a September 2018 campaign that…

StatCounter platform compromised to infect exchange with bitcoin-stealing code

A malicious actor compromised the platform of leading web analytics firm StatCounter in a supply chain attack that targeted the cryptocurrency exchange with a bitcoin-stealing script. Outside of, none of the other two million-plus websites using StatCounter’s metrics services appear to have been affected by the malicious JavaScript, even if they downloaded it. That’s because the…

In the vault

When it comes to protecting financial info, IT security professionals can never rest on their laurels, reports Jean Thilmany.

Next post in Finance