Banking and Finance


  • QBot partners with Egregor ransomware in bot-fueled attacks

    November 20, 2020

    The Qbot banking trojan has dropped the ProLock ransomware in favor of the Egregor ransomware who burst into activity in September. Qbot, otherwise known as QakBot or QuakBot, is Windows malware that steals bank credentials, Windows domain credentials, and provides remote access to threat actors who install ransomware. Victims usually become infected with Qbot through phishing emails ...

  • Adventures in MQTT Part II: Identifying MQTT Brokers in the Wild

    November 18, 2020

    The use of publicly accessible MQTT brokers is prevalent across numerous verticals and technology fields. I was able to identify systems related to energy production, hospitality, finance, healthcare, pharmaceutical manufacturing, building management, surveillance, workplace safety, vehicle fleet management, shipping, construction, natural resource management, agriculture, smart homes and far more. Hackers have been sounding alarms about this ...

  • New ModPipe malware targets hospitality, hotel point of sale systems

    November 12, 2020

    A new Point-of-Sale (PoS) malware is targeting devices used by “hundreds of thousands” of organizations in the hospitality sector, researchers have warned. Dubbed ModPipe, the malware is a backdoor able to harvest sensitive information in PoS devices running Oracle Micros Restaurant Enterprise Series (RES) 3700, management software that is particularly popular in the United States. RES 3700 ...

  • Singapore moots mandatory offsite verification for financial institutions

    November 10, 2020

    Singapore is considering the need for various personal information, such as password and biometrics, to facilitate “non-face-to-face” verification for financial services. This comes amidst a rise in impersonation scam cases and risks of personal data theft. In a consultation paper released Tuesday, the Monetary Authority of Singapore (MAS) mooted the mandatory use of at least one ...

  • Ghimob: a Tétrade threat actor moves to infect mobile devices

    November 9, 2020

    Guildma, a threat actor that is part of the Tétrade family of banking trojans, has been working on bringing in new techniques, creating new malware and targeting new victims. Recently, their new creation, the Ghimob banking trojan, has been a move toward infecting mobile devices, targeting financial apps from banks, fintechs, exchanges and cryptocurrencies in ...

  • Cybersecurity threats to corporate America are present now ‘more than ever,’ SEC chair says

    November 2, 2020

    Securities and Exchange Commission Chairman Jay Clayton is telling corporate America it needs to get much more vigilant on security. In an interview Monday on CNBC’s “Power Lunch,” stressed that significant cybersecurity threats remain, despite the ongoing coronavirus pandemic and election season. “Cyber risks have not gone away with the unfortunate, unforeseen risks we’ve faced with ...

  • Wroba Mobile Banking Trojan Spreads to the U.S. via Texts

    October 30, 2020

    The Wroba mobile banking trojan has made a major pivot, targeting people in the U.S. for the first time. According to researchers at Kaspersky, a wave of attacks are taking aim at U.S. Android and iPhone users in an effort that started on Thursday. The campaign uses text messages to spread, using fake notifications for “package ...

  • Wireshark Tutorial: Examining Dridex Infection Traffic

    October 23, 2020

    This tutorial is designed for security professionals who investigate suspicious network activity and review network packet captures (pcaps). Familiarity with Wireshark is necessary to understand this tutorial, which focuses on Wireshark version 3.x. Dridex is the name for a family of information-stealing malware that has also been described as a banking Trojan. This malware first appeared ...

  • Vizom malware uses remote overlay attacks to hijack your bank account

    October 19, 2020

    Researchers have uncovered a new form of malware using remote overlay attacks to strike Brazilian bank account holders. The new malware variant, dubbed Vizom by IBM, is being utilized in an active campaign across Brazil designed to compromise bank accounts via online financial services. On Tuesday, IBM security researchers Chen Nahman, Ofir Ozer, and Limor Kessem said ...

  • US brokerage firms warned of widespread survey phishing attacks

    October 7, 2020

    The U.S. Financial Industry Regulatory Authority (FINRA) has issued a notice warning member brokerage firms of widespread phishing attacks using surveys to harvest information. FINRA is a non-profit organization and self-regulatory body authorized by the U.S. government to regulate exchange markets and brokerage firms. According to FINRA, the organization supervises over 624,000 brokers across the country and ...

  • Mispadu Banking Trojan Resurfaces

    September 22, 2020

    Recent spam campaigns leading to URSA/Mispadu banking trojan (detected by Trend Micro as TrojanSpy.Win32.MISPADU.THIADBO) have been uncovered, as reported by malware analyst Pedro Tavares in a Twitter post and by Seguranca Informatica in a blog post. Mispadu malware steals credentials from users’ systems. This attack targets systems with Spanish and Portuguese as system languages. It is ...

  • Cerberus banking Trojan source code released for free to cyberattackers

    September 16, 2020

    The source code of the Cerberus banking Trojan has been released as free malware on underground hacking forums following a failed auction. Speaking at Kaspersky NEXT 2020 on Wednesday, Kaspersky cybersecurity researcher Dmitry Galov said that the leaked code, distributed under the name Cerberus v2, presents an increased threat for smartphone users and the banking sector ...

  • Chilean bank shuts down all branches following ransomware attack

    September 7, 2020

    BancoEstado, one of Chile’s three biggest banks, was forced to shut down all branches on Monday following a ransomware attack that took place over the weekend. “Our branches will not be operational and will remain closed today,” the bank said in a statement published on its Twitter account on Monday. Details about the attack have not been ...

  • US government warns of North Korean hackers targeting banks worldwide

    August 26, 2020

    North Korean hackers tracked as BeagleBoyz have been using malicious remote access tools as part of ongoing attacks to steal millions from international banks according to a joint advisory issued today by several U.S. Government agencies. The joint release says that North Korea’s BeagleBoyz hacking group has once again started robbing banks through remote internet access ...

  • New Zealand stock exchange halted trading after DDoS attacks

    August 26, 2020

    New Zealand’s stock exchange (NZX) has been impacted by distributed denial-of-service (DDoS) attacks during the last two days, forcing it to shut down trading until the connectivity issues were resolved. NZX operates New Zealand’s capital, risk, and commodity markets, and it supplies market information including real-time stock quotes, market data and news. The stock market announced around ...

  • New FritzFrog P2P botnet has breached at least 500 enterprise, government servers

    August 19, 2020

    A P2P botnet newly-discovered by researchers has struck at least 500 government and enterprise SSH servers over 2020. On Wednesday, cybersecurity firm Guardicore Labs published research into FritzFrog, a peer-to-peer (P2P) botnet that has been detected by the company’s sensors since January this year. According to researcher Ophir Harpaz, FritzFrog has attempted to brute-force SSH servers belonging ...

  • CactusPete APT group’s updated Bisonal backdoor

    August 13, 2020

    CactusPete (also known as Karma Panda or Tonto Team) is an APT group that has been publicly known since at least 2013. Some of the group’s activities have been previously described in public by multiple sources. We have been investigating and privately reporting on this group’s activity for years as well. Historically, their activity has ...

  • Cerberus Android malware source code offered for sale for $100,000

    July 27, 2020

    The maintainer of Cerberus banking trojan for Android is auctioning the entire project for a price starting at $50,000 or close the deal for double the money. The price includes everything from source code to customer list along with installation guide and the scripts to make components work together. For at least one year, the group behind ...

  • Diebold Nixdorf warns of a new class of ATM ‘black box’ attacks across Europe

    July 16, 2020

    ATM maker Diebold Nixdorf is warning banks of a new type of ATM “black box” attack that was recently spotted used across Europe. ATM “black box” attacks are a type of jackpotting attack — when cybercriminals make an ATM spit out cash. A jackpotting attack can be executed with malware installed on an ATM, or by ...

  • The Tetrade: Brazilian banking malware goes global

    July 14, 2020

    Brazil is a well-known country with plenty of banking trojans developed by local crooks. The Brazilian criminal underground is home to some of the world’s busiest and most creative perpetrators of cybercrime. Like their counterparts’ in China and Russia, their cyberattacks have a strong local flavor, and for a long time, they limited their attacks ...