Threat Category: Financial threats | Page 20

How easy is it for bad guys to buy valid digital certificates from CAs using fake data and start signing Trojan bankers with them? In Brazil it appears to be very easy.

Russian law enforcement agencies announced the arrest of a cybercriminal gang involved in stealing money using the Carberp Trojan. Unfortunately this does not mark the end of the Carberp story.

In 2011, mobile malware reached a new qualitative level.

From an unholy alliance between Brazilian Bankers and Carders is created the ‘Chupa Cabra’ malware, developed to attack payment devices

A simple message on a Google forum in August sparked an investigation which would eventually bring down the DigiNotar certificate authority.

Cybercriminals avoiding detection and automated monitoring by block cipher using.

Operators of botnets based on SpyEye have started hiding real С&Cs in the customconnector plugin

Latin America has ceased to be a region that simply receives attacks from across the world. Since late 2009 it has begun to copy fraudulent business models through which American cybercriminals have begun producing their own criminal resources.

Online banking is now a run-of-the-mill affair for most.

But now we will discuss TDSS and its new module for Bitcoin. In the beginning of August a new section [tslcaloc] has appeared in the TDSS configuration files while bot was running on infected machine.

Brazilian trojans beyond the borders: now starts to attack banks in Europe

I found an interesting “bug” in the malicious .php script on the .cc domain. For example, instead of clicking on http://3cm.kz/example, just put at the end http://3cm.kz/example+ or http://3cm.kz/example* or any other and for each new special char you will get the binary. One special char per one new download. The second short URL service used by the criminals is http://shortn.me

Well, today I found that Amazon Web services (Cloud) now is being used to spread financial data stealers.

Kaspersky Lab detected the first rootkit banker created to infect 64-bit systems. It was detected in a drive-by-download attack made by Brazilian cybercriminals.

A little while ago it became clear that the ZeuS program design had been passed on to the creator of another competitor Trojan called SpyEye

Reports

While investigating an incident involving the BellaCiao .NET malware, Kaspersky researchers discovered a C++ version they dubbed “BellaCPP”.

Lazarus targets employees of a nuclear-related organization with a bunch of malware, such as MISTPEN, LPEClient, RollMid, CookieTime and a new modular backdoor CookiePlus.

Kaspersky researchers analyze 2019, 2022 and 2024 attacks attributed to Careto APT with medium to high confidence.

The report features the most significant developments relating to APT groups in Q3 2024, including hacktivist activity, new APT tools and campaigns.

Financial threats

Brazilian Trojan Bankers Now Digitally Signed

Carberp: it’s not over yet

Mobile Malware Evolution, Part 5

The ‘Chupa Cabra’ malware: attacks on payment devices

IT Threat Evolution: Q3 2011

Steganography or encryption in bankers?

SpyEye vs. Tracker

Latin American banks under fire from the Mexican VOlk-Botnet

ZeuS-in-the-Mobile – Facts and Theories

TDSS + Bitcoin = ?

Brazilian Trojans beyond borders

Tracking bugs in Zeus campaigns

Financial data stealing Malware now on Amazon Web Services Cloud

Rootkit Banker – now also to 64-bit

ZeuS lives!

Reports

BellaCPP: Discovering a new BellaCiao variant written in C++

Lazarus group evolves its infection chain with old and new malware

Careto is back: what’s new after 10 years of silence?

APT trends report Q3 2024

Subscribe to our weekly e-mails