Fileless Banking Trojan Targeting Brazilian Banks Downloads Possible Botnet Capability, Info Stealers

Trend Micro analyzed a fileless malware with multiple .BAT attachments and a batch file from IoCs reported by researchers online that was capable of opening an IP address, downloading a PowerShell with a banking trojan payload, and installing a hack Read More …

Russian national, author of NeverQuest banking trojan, pleads guilty

A Russian national pleaded guilty today in a New York court of creating, running, and infecting users with the NeverQuest banking trojan –also known as Snifula and Vawtrack. The man’s name is Stanislav Vitaliyevich Lisov, a Russian national who went Read More …

Malspam campaign fakes Google reCAPTCHA images to fool victims

A recently discovered malspam campaign targeting customers of a Polish bank was found using forgeries of Google reCAPTCHA images to fake legitimacy. The banking malware was delivered via phishing emails that purported to seekin confirmation of a recent banking transaction Read More …

Hackers Use Compromised Banks as Starting Points for Phishing Attacks

Cybercriminals attacking banks and financial organizations use their foothold in a compromised infrastructure to gain access to similar targets in other regions or countries. In a report released today and shared with BleepingComputer, international security company Group-IB specialized in preventing cyber Read More …

Banks Under Attack: Tactics and Techniques Used to Target Financial Organizations

US$100 – 300 billion: That’s the estimated losses that financial institutions can potentially incur annually from cyberattacks. Despite the staggering amount, it’s unsurprising — over the past three years, several banks suffered $87 million in combined losses from attacks that compromised their Read More …

Metro Bank targeted with 2FA-bypassing SS7 attacks

Metro Bank has reportedly fallen victim to a sophisticated two-factor authentication (2FA) bypass attack after hackers infiltrated a telecoms firm’s text messaging protocol. The Signalling Systems No. 7 (SS7) protocol is used by telecom firms to coordinate how texts and Read More …

TA505 Crime Gang Debuts Brand-New ServHelper Backdoor

The latest malware from TA505 has been seen targeting banks, retailers and restaurants with two different versions. A new backdoor named ServHelper has been spotted in the wild, acting as both a remote desktop agent as well as a downloader Read More …

Phishing template uses fake fonts to decode content and evade detection

Proofpoint researchers recently observed a phishing kit with peculiar encoding utilized in a credential harvesting scheme impersonating a major retail bank. While encoded source code and various obfuscation mechanisms have been well documented in phishing kits, this technique appears to be unique Read More …