Coyote: A multi-stage banking Trojan abusing the Squirrel installer

The developers of banking Trojan malware are constantly looking for inventive ways to distribute theirs implants and infect victims. In a recent investigation, Kaspersky researchers encountered a new malware that specifically targets users of more than 60 banking institutions, mainly Read More …

Mexican Banks and Cryptocurrency Platforms Targeted With AllaKore RAT

A financially motivated threat actor is targeting Mexican banks and cryptocurrency trading entities with custom packaged installers delivering a modified version of AllaKore RAT – an open-source remote access tool. Lures use Mexican Social Security Institute (IMSS) naming schemas and Read More …

Analyzing AsyncRAT’s code injection into aspnet_compiler.exe across multiple incident response cases

During their recent investigations, the Trend Micro Managed XDR (MxDR) team handled various cases involving AsyncRAT, a Remote Access Tool (RAT) with multiple capabilities,  such as keylogging and remote desktop control, that make it a substantial threat to victims. This Read More …

New macOS Trojan-Proxy piggybacking on cracked software

Illegally distributed software historically has served as a way to sneak malware onto victims’ devices. Kaspersky researchers have recently discovered several cracked applications distributed by unauthorized websites and loaded with a Trojan-Proxy. Attackers can use this type of malware to Read More …

Social engineering attacks lure Indian users to install Android banking trojans

Microsoft has observed ongoing activity from mobile banking trojan campaigns targeting users in India with social media messages designed to steal users’ information for financial fraud. Using social media platforms like WhatsApp and Telegram, attackers are sending messages designed to Read More …

Qakbot-affiliated actors distribute Ransom Knight malware despite infrastructure takedown

In a late August 2023 operation involving the FBI and many international partners, law enforcement agencies seized the infrastructure and cryptocurrency assets used by the Qakbot malware, dealing considerable damage to the group’s operations. Many people in the security industry Read More …

A cryptor, a stealer and a banking trojan

Last month Kaspersky researchers covered a wide range of cybercrime topics. For example, Kaspersky published a private report on a new malware found on underground forums that they call ASMCrypt (related to the DoubleFinger loader). But there’s more going on Read More …

Godfather: A banking Trojan that is impossible to refuse

The Android banking Trojan Godfather is currently being utilized by cybercriminals to attack users of popular financial services across the globe. Godfather is designed to allow threat actors to harvest login credentials for banking applications and other financial services, and Read More …

Massive Phishing Campaigns Target India Banks’ Clients

Trend Micro researchers observed an uptick in attacks targeting bank customers in India, the common entry point being a text message with a phishing link. The SMS content urges the victims to open the embedded phishing link or malicious app Read More …

Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure

While advanced persistent threats get the most breathless coverage in the news, many threat actors have money on their mind rather than espionage. You can learn a lot about the innovations used by these financially motivated groups by watching banking Read More …