no-image

IT threat evolution Q3 2017

Our growing dependence on technology, connectivity and data means that businesses present a bigger attack surface than ever. Targeted attackers have become more adept at exploiting their victims’ vulnerabilities to penetrate corporate defences while ‘flying under the radar’. Read Full Article

no-image

Gaza Cybergang – updated activity in 2017:

Gaza cybergang is an Arabic politically motivated cyber criminal group, operating since 2012 and is actively targeting the MENA (Middle East North Africa) region. Gaza cybergang attacks have never slowed down, recent targets by the group does seem to be varied in nature, attackers do not seem to be selectively choosing targets, but rather seeking different kinds of MENA intelligence. Read Full Article

no-image

WAP-billing Trojan-Clickers on rise

During the preparation of the “IT threat evolution Q2 2017” report I found several common Trojans that were stealing money from users using WAP-billing. We hadn’t seen any Trojans like this in a while, but several of them appeared out of nowhere. Most of them had been under development since the end of 2016 / the beginning of 2017, but their prevalence increased only in the second half of Q2 2017. Therefore, I decided to take a closer look at these Trojans. Read Full Article

no-image

Booking a Taxi for Faketoken

The Trojan-Banker.AndroidOS.Faketoken malware has been known about for already more than a year. Throughout the time of its existence, it has worked its way up from a primitive Trojan intercepting mTAN codes to an encrypter. Not so long ago, thanks to our colleagues from a large Russian bank, we detected a new Trojan sample, Faketoken.q, which contained a number of curious features. Read Full Article

no-image

A new era in mobile banking Trojans

In mid-July 2017, we found a new modification of the well-known mobile banking malware family Svpeng – Trojan-Banker.AndroidOS.Svpeng.ae. In this modification, the cybercriminals have added new functionality: it now also works as a keylogger, stealing entered text through the use of accessibility services. Read Full Article

no-image

Ztorg: from rooting to SMS

I’ve been monitoring Google Play Store for new Ztorg Trojans since September 2016, and have so far found several dozen new malicious apps. All of them were rooting malware that used exploits to gain root rights on the infected device. In May 2017, a new Ztorg variant appeared on the Google Play Store – only this this time it wasn’t a rooting malware but a Trojan-SMS. Read Full Article