Financial threats

It has been quite a few years since cybercriminals started actively stealing money from user accounts at online stores, e-payment systems and online banking systems.

Over the last few months I have been closely monitoring so-called Darknet resources, mostly the Tor network, and the cybercriminal element is growing.

Most of cybercriminals like to put the CPL file inside a ZIP, but we have also found it inserted inside RTF files. This kind of malware belongs to the Trojan-Banker.Win32.ChePro family, first detected in Russia in October 2012.

The more people switch to 64-bit platforms, the more 64-bit malware appears. We have been following this process for several years now.

By mid-November we recorded several thousand attempted Neverquest infections. This threat is relatively new, and cybercriminals aren’t using it to its full capacity.

New trick from cybercriminals of Brazil – a suspicious message arrives to the user with a file attached. Inside the RTF file there is a well-known Brazilian Trojan banker belonging to the family Trojan.Win32.ChePro.

Since we published our first blog post about the mobile Trojan Trojan-SMS.AndroidOS.Svpeng, the cybercriminals have improved its functionalities. Now Svpeng is capable of phishing as well, trying to harvest the financial data of users.

Read about the Cryptolocker malware, a new ransomware Trojan that encrypts your files and demands money to return them.

Cybercriminals are armed with an entire arsenal of methods with which to gain access to users’ confidential information. Most of the attacks which target financial data have social engineering as their basic element. This can be used either to spread malware or to steal user credentials directly.

Jumcar stands out from other malicious code developed in Latin America because of its particularly aggressive features. At the moment three generations of this malware family exist.

Jumcar is the name we have given to a family of malicious code developed in Latin America – particularly in Peru – and which, according to our research, has been deploying attack maneuvers since March 2012.

It has been three years since we published Lock, stock and two smoking Trojans in our blog. The article describes the first piece of malware designed to attack users of online banking software developed by a company called BIFIT.

The fifth part of our regular overview of mobile malware evolution was published one year ago, and now it’s time to review the events of 2012 to see just how accurate our forecasts were

Following in the wake of the vOlk (Mexico) and S.A.P.Z. (Peru) botnets comes PiceBOT, a newbie to the Latin American cybercrime scene. The cost on the black market is currently around $140.

The Trojan, detected by Kaspersky Lab as trojan-Banker.Win32.Bancyn.a, was named -Floating Cloud-, and was used to steal several millions of dollars from e-commerce users.