Threat Category: Financial threats | Page 21

From an unholy alliance between Brazilian Bankers and Carders is created the ‘Chupa Cabra’ malware, developed to attack payment devices

A simple message on a Google forum in August sparked an investigation which would eventually bring down the DigiNotar certificate authority.

Cybercriminals avoiding detection and automated monitoring by block cipher using.

Operators of botnets based on SpyEye have started hiding real С&Cs in the customconnector plugin

Latin America has ceased to be a region that simply receives attacks from across the world. Since late 2009 it has begun to copy fraudulent business models through which American cybercriminals have begun producing their own criminal resources.

Online banking is now a run-of-the-mill affair for most.

But now we will discuss TDSS and its new module for Bitcoin. In the beginning of August a new section [tslcaloc] has appeared in the TDSS configuration files while bot was running on infected machine.

Brazilian trojans beyond the borders: now starts to attack banks in Europe

I found an interesting “bug” in the malicious .php script on the .cc domain. For example, instead of clicking on http://3cm.kz/example, just put at the end http://3cm.kz/example+ or http://3cm.kz/example* or any other and for each new special char you will get the binary. One special char per one new download. The second short URL service used by the criminals is http://shortn.me

Well, today I found that Amazon Web services (Cloud) now is being used to spread financial data stealers.

Kaspersky Lab detected the first rootkit banker created to infect 64-bit systems. It was detected in a drive-by-download attack made by Brazilian cybercriminals.

A little while ago it became clear that the ZeuS program design had been passed on to the creator of another competitor Trojan called SpyEye

New version of ZeuS in the Mobile (now also for Windows Mobile) appeared. ZeuS in the Mobile for Blackberry devices has just been discovered.

GpCode initially appeared in 2004, new versions appeared annually until 2008 and then a long silence – and now, a new and powerful GpCode-like ransomware is atttacking.

Amongst some others the Zeus bot is one of the most prolific bots in the wild and in the media. Lately there has been quite a few reports on the aspects surrounding Zeus, such as new research and the Troyak takedown.

Reports

Kaspersky GReAT experts describe the latest Mysterious Elephant APT activity. The threat actor exfiltrates data related to WhatsApp and employs tools such as BabShell and MemLoader HidenDesk.

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.

Financial threats

The ‘Chupa Cabra’ malware: attacks on payment devices

IT Threat Evolution: Q3 2011

Steganography or encryption in bankers?

SpyEye vs. Tracker

Latin American banks under fire from the Mexican VOlk-Botnet

ZeuS-in-the-Mobile – Facts and Theories

TDSS + Bitcoin = ?

Brazilian Trojans beyond borders

Tracking bugs in Zeus campaigns

Financial data stealing Malware now on Amazon Web Services Cloud

Rootkit Banker – now also to 64-bit

ZeuS lives!

ZeuS in the Mobile is back

GpCode-like Ransomware Is Back

Will the real Zeus botnet please stand up?

Reports

Mysterious Elephant: a growing threat

Sleep with one eye open: how Librarian Ghouls steal data by night

Operation SyncHole: Lazarus APT goes back to the well

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

Subscribe to our weekly e-mails