Financial threats

In recent times we’ve been seeing a lot of file-encrypting ransomware activity. One of the new ones we’ve seen pop up in the last couple weeks is called ZeroLocker.

Everything you read about boleto malware attacking the popular Brazilian payment system was only the tip of the iceberg. The Brazilian bad guys are quickly developing and adopting new techniques.

Kaspersky Lab products detected and neutralized a total of 995,534,410 threats in the second quarter of 2014. 927,568 computers running Kaspersky Lab products were attacked by banking malware. 65,118 new malicious mobile programs were detected. 2033 mobile banking Trojans were detected in this period, 1.7 times more than last quarter.

Trojan-Ransom.Win32.Onion is a highly dangerous threat and one of the most technologically advanced encryptors out there. Its developers used both proven techniques ‘tested’ on its predecessors and solutions that are completely new for this class of malware.

Stealing more than half a million euro in just a week – it sounds like a Hollywood heist movie. But the organizers of the Luuuk banking fraud pulled it off with a Man-in-the-Browser (MITB) campaign against a specific European bank.

In this second part of our series we explain the most common attacks on ATMs and PoS (Point of Sales) devices in Brazil. These are out to clone your credit card using skimmer devices, fake signage and, of course, a lot of malware.

PDF Version  Financial cyber threats in 2013. Part 1: phishing Financial cyber threats in 2013. Part 2: malware Main findings According to the information collected from the protection sub-systems of Kaspersky Lab products, 2013 saw a dramatic increase in the number of finance-related attacks, be it phishing or attacks involving malware. Below are the main

So our recent discovery of Trojan-SMS.AndroidOS.Waller.a highlighted a new get-rich technique that not only sent a premium SMS but also saw the malware attempt to steal money from a QIWI electronic wallet.

It has been quite a few years since cybercriminals started actively stealing money from user accounts at online stores, e-payment systems and online banking systems.

Over the last few months I have been closely monitoring so-called Darknet resources, mostly the Tor network, and the cybercriminal element is growing.

Most of cybercriminals like to put the CPL file inside a ZIP, but we have also found it inserted inside RTF files. This kind of malware belongs to the Trojan-Banker.Win32.ChePro family, first detected in Russia in October 2012.

The more people switch to 64-bit platforms, the more 64-bit malware appears. We have been following this process for several years now.

By mid-November we recorded several thousand attempted Neverquest infections. This threat is relatively new, and cybercriminals aren’t using it to its full capacity.

New trick from cybercriminals of Brazil – a suspicious message arrives to the user with a file attached. Inside the RTF file there is a well-known Brazilian Trojan banker belonging to the family Trojan.Win32.ChePro.

Since we published our first blog post about the mobile Trojan Trojan-SMS.AndroidOS.Svpeng, the cybercriminals have improved its functionalities. Now Svpeng is capable of phishing as well, trying to harvest the financial data of users.