Banking and Finance


  • Android: New StrandHogg vulnerability is being exploited in the wild

    December 2, 2019

    Security researchers from Promon, a Norwegian firm specialized in in-app security protections, said they identified a bug in the Android operating system that lets malicious apps hijack legitimate apps and perform malicious operations on their behalf. In a comprehensive report published today, the research team said the vulnerability can be used to trick users into granting intrusive permissions ...

  • Imminent Monitor – a RAT Down Under

    December 2, 2019

    The availability of “commodity malware” – malware offered for sale – empowers a large population of criminals, who make up for their lack of technical sophistication with an abundance of malicious intent. Rather than looking just at the malware samples and functionality themselves, we’ve taken an interest in the commodity malware ecosystem; especially into the malware ...

  • Meet PyXie: A Nefarious New Python RAT

    December 2, 2019

    BlackBerry Cylance researchers have recently discovered a previously unnamed Python RAT we’re calling PyXie. PyXie has been observed in the wild since at least 2018 without much attention from the cybersecurity industry. PyXie has been deployed in an ongoing campaign that targets a wide range of industries. It has been seen in conjunction with Cobalt Strike ...

  • Emotet resurgence packs in new binaries, Trickbot functions

    November 6, 2019

    Emotet, a Banking Trojan turned devastating modular threat, has returned with upgraded functions in a new wave of attacks. The malware, first discovered in 2014, has evolved over the past few years from a relatively basic, singular threat into a customizable modular package used to deploy additional payloads against financial institutions, the enterprise, and consumers worldwide. Emotet, believed to ...

  • Wizard Spider Upgrades Ryuk Ransomware to Reach Deep into LANs

    November 4, 2019

    The Ryuk ransomware has added two features to enhance its effectiveness: The ability to target systems that are in “standby” or sleep mode; and the use of Address Resolution Protocol (ARP) pinging to find drives on a company’s LAN. Both are employed after the initial network compromise of a victim organization. Ryuk, which is distributed by ...

  • The Banking and Finance Industry Under Cybercriminal Siege: An Overview

    October 22, 2019

    Financial institutions have now taken on an even more active role in the growing information technology (IT) and operational technology (OT) convergence. The need for 24/7-connected smart devices has driven the industry to adapt, especially with the wider adoption of the internet of things (IoT) among businesses and users. Unfortunately, this round-the-clock connection with their respective ...

  • Fin7 Cybergang Retools With New Malicious Code

    October 11, 2019

    The Fin7 cybercrime group has ramped up its offensive capabilities by adding new malicious code to its malware arsenal. Researchers said that this is evidence that Fin7 is still a growing threat despite the arrest of several Fin7 members in 2018. The notorious group has adopted a new dropper sample called Boostwrite, which uses new detection evasion ...

  • FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops

    October 9, 2019

    Trend Micro discovered that the online credit card skimming attack known as Magecart or E-Skimming was actively operating on 3,126 online shops. Our data shows that the attack started on September 7, 2019. All of the impacted online shops are hosted on the cloud platform of the e-commerce service provider “Volusion,” one of the top e-commerce platforms in the market. ...

  • BRATA Android RAT Steals Banking Info in Real Time

    September 4, 2019

    The RAT targets users via fake WhatsApp updates in Google Play. A powerful Android remote access tool (RAT) family dubbed BRATA is proliferating, with at least 20 different variants cropping up since it was first spotted in January. The majority of the binaries have been found in the official Google Play store, masquerading as updates for ...

  • ‘Heatstroke’ Campaign Uses Multistage Phishing Attack to Steal PayPal and Credit Card Information

    August 29, 2019

    Despite having an apparent lull in the first half of 2019, phishing will remain a staple in a cybercriminal’s arsenal, and they’re not going to stop using it. The latest example is a phishing campaign dubbed Heatstroke, based on a variable found in their phishing kit code. Heatstroke demonstrates how far phishing techniques have evolved — from merely mimicking ...

  • Russian Hacking Group Targeting Banks Worldwide With Evolving Tactics

    August 21, 2019

    Silence APT, a Russian-speaking cybercriminal group known for targeting financial organizations primarily in former Soviet states and neighboring countries, is now aggressively targeting banks in more than 30 countries across America, Europe, Africa, and Asia. Active since at least September 2016, Silence APT group’s most recent successful campaign was against Bangladesh-based Dutch-Bangla Bank, which lost over $3 ...

  • Adwind Remote Access Trojan Hits Utilities Sector

    August 19, 2019

    Attackers are targeting entities from the utility industry with the Adwind Remote Access Trojan (RAT) malware via a malspam campaign that uses URL redirection to malicious payloads. Adwind (also known as jRAT, AlienSpy, JSocket, and Sockrat) is distributed by its developers to threat actors under a malware-as-a-service (MaaS) model and it is capable of evading detection by most major anti-malware ...

  • Hackers Use Fake NordVPN Website to Deliver Banking Trojan

    August 19, 2019

    The attackers who previously breached and abused the website of free multimedia editor VSDC to distribute the Win32.Bolik.2 banking Trojan have now switched their tactics. While previously they hacked legitimate websites to hijack download links infected with malware, the hackers are now creating website clones to deliver banking Trojans onto unsuspecting victims’ computers. This allows them to focus ...

  • European Central Bank Shuts Down ‘BIRD Portal’ After Getting Hacked

    August 16, 2019

    The European Central Bank (ECB) confirmed Thursday that it had been hit by a cyberattack that involved attackers injecting malware into one of its websites and potentially stealing contact information of its newsletter subscribers. Headquartered in Germany, the European Central Bank (ECB) is the central bank of the 19 European Union countries which have adopted the ...

  • DanaBot banking Trojan jumps from Australia to Germany in quest for new targets

    August 15, 2019

    The DanaBot banking Trojan is on the move and has traveled across the sea in a pivot from its original focus on Australia to strike European targets. DanaBot was first discovered by Proofpoint researchers last year. The malware was observed striking Australian targets of financial value, but at the time, DanaBot appeared to come from only one threat ...

  • Financial threats in H1 2019

    July 31, 2019

    Financial cyberthreats are malicious programs that attack users of online banking services, electronic money, cryptocurrency and other similar services, as well as threats aimed at gaining access to financial organizations and their infrastructure. Kaspersky experts regularly analyze the statistics that the company’s products anonymously send to the cloud infrastructure of the Kaspersky Security Network (KSN) ...

  • Cybercrime gang adds new tactics to credit card data-stealing campaign

    July 23, 2019

    A hacking operation has deployed new malware in the latest evolution of its campaign to make money by stealing credit card data. The FIN8 cybercrime group was first identified in January 2016, and typically targets point-of-sale (POS) systems with malware attacks designed to steal credit card information, which is then sold on for profit on dark ...

  • IFINSEC Financial Sector IT Security Conference and Exhibition

    July 23, 2019

    Press release: IFINSEC Financial Sector IT Security Conference and Exhibition (www.ifinsec.com) will be held on 12-13 November 2019 in Istanbul, Turkey. IFINSEC is a global and niche conference with its focus on IT Security technologies and solutions for the financial sector. IFINSEC is one of the most important conferences in the EMEA region in its category. With ...

  • Anubis Android Malware Returns with Over 17,000 Samples

    July 8, 2019

    The 2018 mobile threat landscape had banking trojans that diversified their tactics and techniques to evade detection and further monetize their malware — and in the case of the Anubis Android malware, retooled for other malicious activities. Anubis underwent several changes since it first emerged, from being used for cyberespionage to being retooled as a banking malware, combining information ...

  • Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi

    July 4, 2019

    Since our last research on TA505, we have observed new activity from the group that involves campaigns targeting different countries over the last few weeks. We found them targeting countries in the Middle East such as United Arab Emirates and Saudi Arabia, as well as other countries such as India, Japan, Argentina, the Philippines, and South Korea. This ...