Banking and Finance


  • Hackers Use Fake NordVPN Website to Deliver Banking Trojan

    August 19, 2019

    The attackers who previously breached and abused the website of free multimedia editor VSDC to distribute the Win32.Bolik.2 banking Trojan have now switched their tactics. While previously they hacked legitimate websites to hijack download links infected with malware, the hackers are now creating website clones to deliver banking Trojans onto unsuspecting victims’ computers. This allows them to focus ...

  • European Central Bank Shuts Down ‘BIRD Portal’ After Getting Hacked

    August 16, 2019

    The European Central Bank (ECB) confirmed Thursday that it had been hit by a cyberattack that involved attackers injecting malware into one of its websites and potentially stealing contact information of its newsletter subscribers. Headquartered in Germany, the European Central Bank (ECB) is the central bank of the 19 European Union countries which have adopted the ...

  • DanaBot banking Trojan jumps from Australia to Germany in quest for new targets

    August 15, 2019

    The DanaBot banking Trojan is on the move and has traveled across the sea in a pivot from its original focus on Australia to strike European targets. DanaBot was first discovered by Proofpoint researchers last year. The malware was observed striking Australian targets of financial value, but at the time, DanaBot appeared to come from only one threat ...

  • Financial threats in H1 2019

    July 31, 2019

    Financial cyberthreats are malicious programs that attack users of online banking services, electronic money, cryptocurrency and other similar services, as well as threats aimed at gaining access to financial organizations and their infrastructure. Kaspersky experts regularly analyze the statistics that the company’s products anonymously send to the cloud infrastructure of the Kaspersky Security Network (KSN) ...

  • Cybercrime gang adds new tactics to credit card data-stealing campaign

    July 23, 2019

    A hacking operation has deployed new malware in the latest evolution of its campaign to make money by stealing credit card data. The FIN8 cybercrime group was first identified in January 2016, and typically targets point-of-sale (POS) systems with malware attacks designed to steal credit card information, which is then sold on for profit on dark ...

  • IFINSEC Financial Sector IT Security Conference and Exhibition

    July 23, 2019

    Press release IFINSEC Financial Sector IT Security Conference and Exhibition (www.ifinsec.com) will be held on 12-13 November 2019 in Istanbul, Turkey. IFINSEC is a global and niche conference with its focus on IT Security technologies and solutions for the financial sector. IFINSEC is one of the most important conferences in EMEA region in its category. With ...

  • Anubis Android Malware Returns with Over 17,000 Samples

    July 8, 2019

    The 2018 mobile threat landscape had banking trojans that diversified their tactics and techniques to evade detection and further monetize their malware — and in the case of the Anubis Android malware, retooled for other malicious activities. Anubis underwent several changes since it first emerged, from being used for cyberespionage to being retooled as a banking malware, combining information ...

  • Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi

    July 4, 2019

    Since our last research on TA505, we have observed new activity from the group that involves campaigns targeting different countries over the last few weeks. We found them targeting countries in the Middle East such as United Arab Emirates and Saudi Arabia, as well as other countries such as India, Japan, Argentina, the Philippines, and South Korea. This ...

  • Making Intelligence Actionable: Cybersecurity Preparedness in the Credit Union Industry

    July 3, 2019

    As the threat landscape continues to evolve, organizations need to be increasingly proactive in their approach to cybersecurity. One industry that’s taken proactive measures toward cybersecurity preparedness is the credit union industry. Over the last couple of years, the National Credit Union Administration (NCUA) developed a tool called the Automated Cybersecurity Examination Tool (ACET) to help credit unions ...

  • Phishing, ransomware are top cyberattacks on financial services firms

    July 1, 2019

    Phishing and ransomware attacks are the most reported types of cyberattacks on financial services firms, but in most cases the causes of outages were far more mundane. Financial services firms reported 819 cyber incidents to their watchdog, the Financial Conduct Authority (FCA), last year, a huge rise on the 69 incidents reported the year before. Retail banks were responsible ...

  • New Dridex Variant Slips By Anti-Virus Detection

    June 28, 2019

    A never-before-seen Dridex variant has been spotted in phishing emails using anti-virus detection evasion tactics. Researchers have spotted a variant of the Dridex banking trojan with new obfuscation capabilities that help it skirt anti-virus detection. While Dridex has been around since 2011, researchers told Threatpost Friday that they recently spotted phishing emails distributing a never-before-seen variant of the ...

  • Riltok mobile Trojan: A banker with global reach

    June 25, 2019

    Riltok is one of numerous families of mobile banking Trojans with standard (for such malware) functions and distribution methods. Originally intended to target the Russian audience, the banker was later adapted, with minimal modifications, for the European “market.” The bulk of its victims (more than 90%) reside in Russia, with France in second place (4%). ...

  • Houdini malware targets victims with keylogger, online bank account theft tools

    June 17, 2019

    A new variant of the Houdini malware has been detected in campaigns against financial institutions and their customers. Last week, cybersecurity researchers from Cofense said in a blog post that the new strain of Houdini — also known as HWorm — was released by its author on June 2, 2019. Dubbed WSH Remote Access Tool (RAT), it took the ...

  • Goznym Malware: Cybercriminal Network Dismantled In International Operation

    May 16, 2019

    An unprecedented, international law enforcement operation has dismantled a complex, globally operating and organised cybercrime network. The criminal network used GozNym malware in an attempt to steal an estimated $100 million from more than 41 000 victims, primarily businesses and their financial institutions. A criminal Indictment returned by a federal grand jury in Pittsburgh, USA charges ...

  • Source code of Carbanak trojan found on VirusTotal

    April 23, 2019

    The source code of one of the world’s most dangerous malware strains has been uploaded and left available on VirusTotal for two years, and almost nobody has noticed. It was discovered by security researchers from US cyber-security firm FireEye, analyzed for the past two years, and made public today, so other members of the cyber-security community ...

  • Data-Wiping Cyberattacks Plague Financial Firms

    March 6, 2019

    Over a quarter of surveyed financial institutions reported that they were targeted by destructive cyberattacks over the past year, bent on completely destroying data. That’s according to a new Carbon Black report unveiled at RSA this year. The report, “Modern Bank Heists: The Bank Robbery Shifts to Cyberspace,” outlines the top attacks that financial firms are facing ...

  • Fileless Banking Trojan Targeting Brazilian Banks Downloads Possible Botnet Capability, Info Stealers

    March 4, 2019

    Trend Micro analyzed a fileless malware with multiple .BAT attachments and a batch file from IoCs reported by researchers online that was capable of opening an IP address, downloading a PowerShell with a banking trojan payload, and installing a hack tool and an information stealer. Looking further, we observed it stealing machine information and user ...

  • Russian national, author of NeverQuest banking trojan, pleads guilty

    February 23, 2019

    A Russian national pleaded guilty today in a New York court of creating, running, and infecting users with the NeverQuest banking trojan –also known as Snifula and Vawtrack. The man’s name is Stanislav Vitaliyevich Lisov, a Russian national who went online under the names of “Black” and “Blackf,” and who, according to a Department of Justice press ...

  • Malspam campaign fakes Google reCAPTCHA images to fool victims

    February 22, 2019

    A recently discovered malspam campaign targeting customers of a Polish bank was found using forgeries of Google reCAPTCHA images to fake legitimacy. The banking malware was delivered via phishing emails that purported to seekin confirmation of a recent banking transaction that in reality never occurred, according to Feb. 21 blog post published week by Sucuri. Recipients who panicked at the ...

  • Hackers Use Compromised Banks as Starting Points for Phishing Attacks

    February 19, 2019

    Cybercriminals attacking banks and financial organizations use their foothold in a compromised infrastructure to gain access to similar targets in other regions or countries. In a report released today and shared with BleepingComputer, international security company Group-IB specialized in preventing cyber attacks describes a so called cross-border domino-effect that can lead to spreading an infection beyond the initial ...