On to the second half of 2020, and many trojans are actively upping their game to spread banking malware. One of these is the Cerberus trojan, which disguised itself as a genuine app in order to access the banking details of unsuspecting users. Protect yourself by learning more about this kind of malware in this batch of InfoSec articles.

For more articles, check out our #onpatrol4malware blog.

False Flags in Cyber Threat Intelligence Operations

Source: Medium

All over the web there are terms like “fake news”; the equivalent in the security world is “false flags”. What will Cyber Threat Intelligence (CTI) Programs do about it today in almost every Fortune 100? Read more.

FAKESPY MASQUERADES AS POSTAL SERVICE APPS AROUND THE WORLD

Source: Cybereason

FakeSpy is an information stealer used to steal SMS messages, send SMS messages, steal financial data, read account information and contact lists, steal application data, and do much more. Read more.

Banking Trojan Cerberus Made it onto the Google Play Store

Source: Avast

As is common with banking malware, Cerberus disguised itself as a genuine app in order to access the banking details of unsuspecting users. What’s not so common is that a banking Trojan managed to sneak onto the Google Play Store. Read more.

PYTHON MALWARE ON THE RISE

Source: Cyborg Security

The low barrier to entry, ease of use, rapid development process, and massive library collection have made Python attractive for millions of developers, including malware authors. Read more.

How cybercriminals used Covid-19-themed spam to spread dangerous Emotet malware

Source: ITProPortal

Across the world, threat actors are using time-tested Emotet malware to carry out Covid-19 themed campaigns against unsuspecting victims. Read more.

Anchor_dns malware goes cross platform

Source: Medium

The actors behind Trickbot, a high profile banking trojan, have recently developed a Linux port of their new DNS command and control tool known as Anchor_DNS. Read more.

BlackRock – the Trojan that wanted to get them all

Source: Threat Fabric

After investigation, it became clear that BlackRock is derived from the code of the Xerxes banking malware, which itself is a strain of the LokiBot Android banking Trojan. Read more.

A hacker is selling details of 142 million MGM hotel guests on the dark web

Source: ZDNet

The MGM Resorts 2019 data breach is much larger than initially reported, and is now believed to have impacted more than 142 million hotel guests. Read more.

The Tetrade: Brazilian banking malware goes global

Source: SecureList

The Tetrade is our designation for four large banking trojan families created, developed and spread by Brazilian crooks, but now on a global level. Read more.

Ransomware, then and now: The change in data theft behavior

Source: Help Net Security

The rising number of people working from home has left more businesses at risk from ransomware than ever before, with gaps in network security, shadow IT and a greater reliance on remote communications. Read more.

Analysis of .NET Thanos Ransomware Supporting Safeboot with Networking Mode

Source: Fortinet

FortiGuard Labs captured a new Thanos ransomware sample. This ransomware is being popularly advertised on the underground market as a Ransomware-as-a-Service (RaaS) tool. Read more.

Lampion Trojan Evolves With Improvements in the VBS Downloader

Source: Cyware

The Lampion trojan has been observed spreading via phishing and spear-phishing attack waves. It has been observed targeting several banking organizations and cryptocurrency platforms. Read more.

New Research Exposes Iranian Threat Group Operations

Source: Security Intelligence

IBM X-Force Incident Response Intelligence Services (IRIS) has uncovered rare details on the operations of the suspected Iranian threat group ITG18, which overlaps with Charming Kitten and Phosphorus. Read more.

Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families

Source: FireEye

Mandiant Threat Intelligence has researched and written extensively on the increasing financially motivated threat activity directly impacting OT networks. Read more.