Trojan | SC Media

Trojan

LookBack malware targeting utility sector

Three U.S. firms in the utility sector were hit with a spear phishing campaign in mid-July, with the emails containing a malicious Word document that can contain and install the new remote access trojan LookBack. The Proofpoint Threat Insight Team’s initial take is the attack was the work of a nation-state sponsored actor based…

RIG, Fallout EKs used to deliver new SystemBC malware

Researchers have come across a new proxy malware program that’s being delivered by the RIG and Fallout exploit kits as part of a larger campaign to infect victims with malicious payloads such as the Danabot banking trojan. Proofpoint’s Threat Insight Team began to track the malware, called SystemBC, on June 4 when it was observed…

Riltok banking trojan begins targeting Europe

The Riltok banking trojan, originally intended to target Russians, has, after a few modifications, set its sights on the European market. The malware has more recently diverted four percent of its traffic to France and even smaller percentages to Italy, Ukraine and the U.K., although 90 percent of its victims are in Russia, according to a June 25…

Trickbot variant using fake shipping info in the wild

A new Trickbot variant has appeared on Trend Micro’s radar that uses a URL redirect in a spam email as a tactic to sidestep spam filters set to block the malware. The spam email is well-constructed and legitimate-appearing, with content that indicates a processed order is ready for shipping and includes a shipping number…

ShadowHammer code found in several video games

An adjunct to the ShadowHammer campaign has been uncovered in which video games are being implanted with malware in a manner similar to what was done with ASUS computers. Kaspersky Labs’ GReAT team previously disclosed ShadowHammer in March, after discovering the supply chain attack in January, but this time it tracked a case from the creator of…

Brazilian Banking Trojan BasBanke spreads via Facebook and WhatsApp promos

A new Brazilian banking trojan, dubbed BasBanke, is setting trends in Brazil with over 10,000 installations from the official Google Play Store alone. Kaspersky Labs researchers witnessed the malware starting to make the rounds during that country’s 2018 election and found the malware has credential stealing, keylogging, screen recording, SMS interception, payment card and financial information…

Pharma firm Bayer hit with WINNTI malware

The German drug manufacturer Bayer reported it was hit with a cyberattack launched from China that used WINNTI malware that resided on its network for at least one year. The company told Reuters it found the malware in its system in early 2018 and then studied and analyzed it until last month, when it was removed.…

Gustuff banking trojan disables Google Protect and Accessibility Service mode

An Android trojan dubbed Gustuff is capable of targeting more than 1,000 global banking apps, cryptocurrency and marketplace applications. Group-IB researchers uncovered the malware, which casts a wide net and is complete with fully automated features designed to steal both fiat and crypto currency from user accounts by leveraging a device’s Accessibility Service mode to…

Malspam campaign leverages Boeing 737 Max tragedy

Threat actors are once again leveraging tragedy, this time sending spam messages concerning the recent Boeing 737 MAX crash, which took place last week. The campaign was discovered by 360 Threat Intelligence Center researchers who posted about the malicious campaign on Twitter. Cybercriminals posing as a “private intelligent analyst” are sending spam loaded with malware…

Center for Internet Security warns of Trickbot

TrickBot malware targets users’ financial information and acts as a dropper for other malware, and can be leveraged to steal banking information, conduct system and network reconnaissance, harvest credentials and achieve network propagation, according to a security primer released by the Multi-State Information Sharing and Analysis Center (MS-ISAC). “The malware authors are continuously releasing new…