Into the second half of 2020, and a lot of trojans are actively upping their game to spread banking malware. One of these is the Cerberus trojan, which disguised itself as a genuine app in order to access the banking details of unsuspecting users. Protect yourself by learning more about this kind of malware in this batch of InfoSec articles.
For more articles, check out our #onpatrol4malware blog.
False Flags in Cyber Threat Intelligence Operations
Source: Medium
All over the web there are terms like “fake news”; the equivalent in the security world is “false flags”. What will Cyber Threat Intelligence (CTI) programs, which now exist in almost every Fortune 100 company, do about it today? Read more.
FAKESPY MASQUERADES AS POSTAL SERVICE APPS AROUND THE WORLD
Source: Cybereason
FakeSpy is an information stealer used to steal SMS messages, send SMS messages, steal financial data, read account information and contact lists, steal application data, and do much more. Read more.
Banking Trojan Cerberus Made it onto the Google Play Store
Source: Avast
As is common with banking malware, Cerberus disguised itself as a genuine app in order to access the banking details of unsuspecting users. What’s not so common is that a banking Trojan managed to sneak onto the Google Play Store. Read more.
PYTHON MALWARE ON THE RISE
Source: Cyborg Security
The low barrier to entry, ease of use, rapid development process, and massive library collection have made Python attractive to millions of developers, including malware authors. Read more.
How cybercriminals used Covid-19-themed spam to spread dangerous Emotet malware
Source: ITProPortal
Across the world, threat actors are using time-tested Emotet malware to carry out Covid-19 themed campaigns against unsuspecting victims. Read more.
Anchor_dns malware goes cross platform
Source: Medium
The actors behind Trickbot, a high profile banking trojan, have recently developed a Linux port of their new DNS command and control tool known as Anchor_DNS. Read more.
BlackRock – the Trojan that wanted to get them all
Source: Threat Fabric
After investigation, it became clear that BlackRock is derived from the code of the Xerxes banking malware, which itself is a strain of the LokiBot Android banking Trojan. Read more.
A hacker is selling details of 142 million MGM hotel guests on the dark web
Source: ZDNet
The MGM Resorts 2019 data breach is much larger than initially reported, and is now believed to have impacted more than 142 million hotel guests. Read more.
The Tetrade: Brazilian banking malware goes global
Source: SecureList
The Tetrade is our designation for four large banking trojan families created, developed and spread by Brazilian crooks, but now on a global level. Read more.
Ransomware, then and now: The change in data theft behavior
Source: Help Net Security
The rising number of people working from home has left more businesses at risk from ransomware than ever before, with gaps in network security, shadow IT, and a greater reliance on remote communications. Read more.
Analysis of .NET Thanos Ransomware Supporting Safeboot with Networking Mode
Source: Fortinet
FortiGuard Labs captured a new Thanos ransomware sample. This ransomware is being popularly advertised on the underground market as a Ransomware-as-a-Service (RaaS) tool. Read more.
Lampion Trojan Evolves With Improvements in the VBS Downloader
Source: Cyware
The Lampion trojan has been observed spreading via phishing and spear-phishing attack waves. It has been observed targeting several banking organizations and cryptocurrency platforms. Read more.
New Research Exposes Iranian Threat Group Operations
Source: Security Intelligence
IBM X-Force Incident Response Intelligence Services (IRIS) has uncovered rare details on the operations of the suspected Iranian threat group ITG18, which overlaps with Charming Kitten and Phosphorus. Read more.
Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families
Source: FireEye
Mandiant Threat Intelligence has researched and written extensively on the increasing financially motivated threat activity directly impacting OT networks. Read more.