Trojan | SC Media



Trickbot variant using fake shipping info in the wild

A new Trickbot variant has appeared on Trend Micro’s radar that uses a URL redirect in a spam email as a tactic to sidestep spam filters set to block the malware. The spam email is well-constructed and legitimate-appearing, with content indicating that a processed order is ready for shipping, and it includes a shipping number…

ShadowHammer code found in several video games

An adjunct to the ShadowHammer campaign has been uncovered in which video games were implanted with malware in a similar manner to what was done with ASUS computers. Kaspersky Labs’ GReAT team previously disclosed ShadowHammer in March, after discovering the supply chain attack in January, but this time it tracked a case from the creator of…


Brazilian Banking Trojan BasBanke spreads via Facebook and WhatsApp promos

A new Brazilian banking trojan, dubbed BasBanke, is setting trends in Brazil with over 10,000 installations from the official Google Play Store alone. Kaspersky Labs researchers witnessed the malware starting to make the rounds during that country’s 2018 election and found that the malware has credential stealing, keylogging, screen recording, SMS interception, payment card and financial information…

Pharma firm Bayer hit with WINNTI malware

The German drug manufacturer Bayer reported it was hit with a cyberattack launched from China that used WINNTI malware, which resided on its network for at least one year. The company told Reuters it found the malware in its systems in early 2018 and then studied and analyzed it until last month, when it was removed…


Gustuff banking trojan disables Google Protect and Accessibility Service mode

An Android trojan dubbed Gustuff is capable of targeting more than 1,000 global banking apps, cryptocurrency and marketplace applications. Group-IB researchers uncovered the malware, which casts a wide net and is complete with fully automated features designed to steal both fiat and cryptocurrency from user accounts by leveraging a device’s Accessibility Service mode to…

Malspam campaign leverages Boeing 737 Max tragedy

Threat actors are once again leveraging tragedy, this time sending spam messages concerning the recent Boeing 737 MAX crash, which took place last week. The campaign was discovered by 360 Threat Intelligence Center researchers, who posted about the malicious campaign on Twitter. Attackers are using topics regarding the #Boeing 737 MAX 8 crash and seems an…


Center for Internet Security warns of Trickbot

TrickBot malware targets users’ financial information and acts as a dropper for other malware; it can be leveraged to steal banking information, conduct system and network reconnaissance, harvest credentials and achieve network propagation, according to a security primer released by the Multi-State Information Sharing and Analysis Center (MS-ISAC). “The malware authors are continuously releasing new…

Belonard Trojan spread via zero days in Counter-Strike 1.6

Cybercriminals are exploiting zero-day vulnerabilities in the old game Counter-Strike 1.6 to spread the Belonard Trojan. To give context, the overall number of game servers registered on Steam exceeds 5,000, while the number of players using official CS 1.6 clients reaches an average of 20,000 people online. “Many owners of popular game servers also raise…


IcedID banking trojan now used against online retailers

The malicious actors behind the IcedID banking trojan have branched out and are now using the malware to steal payment card credentials from online retailers, and they may even have become malware-as-a-service dealers. The e-tailer attacks began in November 2018, and instead of grabbing customer banking information, IcedID is used to grab credentials and payment card…


Check Point talks about the SpeakUp backdoor trojan

Check Point researchers, presenting at the 2019 CPX 360 Cybersecurity Summit and Expo, have offered up the details on the new SpeakUp backdoor that has been found on servers in China. The malicious actors are taking advantage of CVE-2018-20062, a vulnerability in Chinese PHP frameworks, and the backdoor is capable of targeting servers running six different Linux distributions and macOS,…
