Threat Actors Blanket Androids with Flubot, Teabot Campaigns
Attackers have been using a technique called smishing and injecting a malicious Google Play QR reader to infect victims’ phones with malicious banking trojans. Researchers have detailed a variety of active campaigns delivering the Flubot and Teabot trojans via various different methods. In one case, malicious SMS messages containing a
New banking Trojan SharkBot makes waves across Europe, US
Cybersecurity researchers at Cleafy discovered a new Andriod banking Trojan that has the ability to circumvent multi-factor authentication controls via the abuse of the Automatic Transfer System (ATS). The trojan was discovered in October and does not appear to belong to any known malware family. Researchers have named the malware
Microsoft Warns of Malware Delivery via Google URLs
Microsoft has warned of a new campaign utilizing legitimate website contact forms to target victims with URLs that ultimately deliver a banking Trojan. The attack campaign is delivering the IcedID banking Trojan to businesses via emails containing fake legal threats, creating a sense of urgency and luring victims into clicking
Alien Android Banking Trojan Sidesteps 2FA
A new variant of the infamous Cerberus banking Trojan named Alien has been ruthlessly targeting victims’ credentials for over 200 popular mobile apps, including Microsoft Outlook and Bank of America. The banking trojan is gaining access to Android devices worldwide through utilizing an advanced authentication bypass tool that allows it
TrickBot malware now checks screen resolution to evade analysis
The notorious TrickBot trojan has evolved again, this time acquiring the ability to check the screen resolutions of victims to detect whether the malware is running on a virtual machine or on the actual device. Researchers typically analyze malware while running a virtual machine that is outfitted with different analysis
US bank customers targeted in ongoing Qbot campaign
F5 Labs has discovered ongoing attacks utilizing the Qbot malware payloads to steal banking credentials from customers of US financial institutions, including JP Morgan, Wells Fargo, Capital One, Bank of America, and Citibank. Qbot is a banking trojan with features that are used to steal financial data, such as logging
FBI Expects Increased Targeting of Mobile Banking Applications
The FBI’s Internet Crime Complaint Center released an alert earlier this week warning Americans that threat actors will likely increasingly target mobile banking applications as they rise in popularity. According to the alert, mobile banking application use went up by 50% since the beginning of this year, drawing the attention
TrickBot Attack Exploits COVID-19 Fears with DocuSign-Themed Ploy
IBM X-Force recently disclosed that malicious actors are spreading the TrickBot trojan through fake messages that are COVID-19 themes. The new campaign capitalizes on public concern and interest in the Department of Labor’s Family and Medical Leave Act (FMLA). IBM X-Force stated that they uncovered the campaign after the analysis
Zeus Sphinx Banking Trojan Arises Amid COVID-19
After three years, the Zeus Sphinx banking trojan has returned to the cybersecurity scene amid the global pandemic, aiming to capitalize on government relief efforts. According to two researchers at IBM X-Force, Amir Gandler and Limor Kessem, the trojan began resurfacing in December, however, there has been a significant increase
TrickBot Adds ActiveX Control, Hides Dropper in Images
The TrickBot banking trojan has recently increased its capabilities, adding Windows 10 ActiveX control. This new feature gives the banking trojan the ability to execute malicious macros that are hidden in documents. A researcher at Morphisec Labs stated that in the past few weeks, two dozen documents have emerged that