Threat Category: Financial threats | Page 20

The Internet knows no borders, but according to our data, cybercrime has specific ‘geographical features’.

How easy is it for bad guys to buy valid digital certificates from CAs using fake data and start signing Trojan bankers with them? In Brazil it appears to be very easy.

Russian law enforcement agencies announced the arrest of a cybercriminal gang involved in stealing money using the Carberp Trojan. Unfortunately this does not mark the end of the Carberp story.

In 2011, mobile malware reached a new qualitative level.

From an unholy alliance between Brazilian Bankers and Carders is created the ‘Chupa Cabra’ malware, developed to attack payment devices

A simple message on a Google forum in August sparked an investigation which would eventually bring down the DigiNotar certificate authority.

Cybercriminals avoiding detection and automated monitoring by block cipher using.

Operators of botnets based on SpyEye have started hiding real С&Cs in the customconnector plugin

Latin America has ceased to be a region that simply receives attacks from across the world. Since late 2009 it has begun to copy fraudulent business models through which American cybercriminals have begun producing their own criminal resources.

Online banking is now a run-of-the-mill affair for most.

But now we will discuss TDSS and its new module for Bitcoin. In the beginning of August a new section [tslcaloc] has appeared in the TDSS configuration files while bot was running on infected machine.

Brazilian trojans beyond the borders: now starts to attack banks in Europe

I found an interesting “bug” in the malicious .php script on the .cc domain. For example, instead of clicking on http://3cm.kz/example, just put at the end http://3cm.kz/example+ or http://3cm.kz/example* or any other and for each new special char you will get the binary. One special char per one new download. The second short URL service used by the criminals is http://shortn.me

Well, today I found that Amazon Web services (Cloud) now is being used to spread financial data stealers.

Kaspersky Lab detected the first rootkit banker created to infect 64-bit systems. It was detected in a drive-by-download attack made by Brazilian cybercriminals.

Reports

Kaspersky researchers analyze EAGERBEE backdoor modules, revealing a possible connection to the CoughingDown APT actor.

While investigating an incident involving the BellaCiao .NET malware, Kaspersky researchers discovered a C++ version they dubbed “BellaCPP”.

Lazarus targets employees of a nuclear-related organization with a bunch of malware, such as MISTPEN, LPEClient, RollMid, CookieTime and a new modular backdoor CookiePlus.

Kaspersky researchers analyze 2019, 2022 and 2024 attacks attributed to Careto APT with medium to high confidence.

Financial threats

The geography of cybercrime: Western Europe and North America

Brazilian Trojan Bankers Now Digitally Signed

Carberp: it’s not over yet

Mobile Malware Evolution, Part 5

The ‘Chupa Cabra’ malware: attacks on payment devices

IT Threat Evolution: Q3 2011

Steganography or encryption in bankers?

SpyEye vs. Tracker

Latin American banks under fire from the Mexican VOlk-Botnet

ZeuS-in-the-Mobile – Facts and Theories

TDSS + Bitcoin = ?

Brazilian Trojans beyond borders

Tracking bugs in Zeus campaigns

Financial data stealing Malware now on Amazon Web Services Cloud

Rootkit Banker – now also to 64-bit

Reports

EAGERBEE, with updated and novel components, targets the Middle East

BellaCPP: Discovering a new BellaCiao variant written in C++

Lazarus group evolves its infection chain with old and new malware

Careto is back: what’s new after 10 years of silence?

Subscribe to our weekly e-mails