Threat Category: Financial threats | Page 21

Jumcar is the name we have given to a family of malicious code developed in Latin America – particularly in Peru – and which, according to our research, has been deploying attack maneuvers since March 2012.

It has been three years since we published Lock, stock and two smoking Trojans in our blog. The article describes the first piece of malware designed to attack users of online banking software developed by a company called BIFIT.

The fifth part of our regular overview of mobile malware evolution was published one year ago, and now it’s time to review the events of 2012 to see just how accurate our forecasts were

Following in the wake of the vOlk (Mexico) and S.A.P.Z. (Peru) botnets comes PiceBOT, a newbie to the Latin American cybercrime scene. The cost on the black market is currently around $140.

The Trojan, detected by Kaspersky Lab as trojan-Banker.Win32.Bancyn.a, was named -Floating Cloud-, and was used to steal several millions of dollars from e-commerce users.

The Internet knows no borders, but according to our data, cybercrime has specific ‘geographical features’.

How easy is it for bad guys to buy valid digital certificates from CAs using fake data and start signing Trojan bankers with them? In Brazil it appears to be very easy.

Russian law enforcement agencies announced the arrest of a cybercriminal gang involved in stealing money using the Carberp Trojan. Unfortunately this does not mark the end of the Carberp story.

In 2011, mobile malware reached a new qualitative level.

From an unholy alliance between Brazilian Bankers and Carders is created the ‘Chupa Cabra’ malware, developed to attack payment devices

A simple message on a Google forum in August sparked an investigation which would eventually bring down the DigiNotar certificate authority.

Cybercriminals avoiding detection and automated monitoring by block cipher using.

Operators of botnets based on SpyEye have started hiding real С&Cs in the customconnector plugin

Latin America has ceased to be a region that simply receives attacks from across the world. Since late 2009 it has begun to copy fraudulent business models through which American cybercriminals have begun producing their own criminal resources.

Online banking is now a run-of-the-mill affair for most.

Reports

Kaspersky researchers analyze a range of new PebbleDash-based tools used in recent Kimsuky campaigns and reveal their connection to the AppleSeed malware cluster.

Kaspersky researchers uncovered malicious wheel packages in PyPI that targeted both Windows and Linux and contained a dropper delivering malware dubbed ZiChatBot. We attribute this activity to OceanLotus APT.

The Silver Fox group is targeting companies in Russia and India by impersonating tax authorities to distribute ValleyRAT and the new ABCDoor backdoor.

Kaspersky researchers analyze updated CoolClient backdoor and new tools and scripts used in HoneyMyte (aka Mustang Panda or Bronze President) APT campaigns, including three variants of a browser data stealer.

Financial threats

Jumcar. From Peru with a focus on Latin America [First part]

Lock, stock and two smoking Trojans-2

Mobile Malware Evolution: Part 6

New crimeware attacks LatAm bank users

God horses are floating clouds: The story of a Chinese banker Trojan

The geography of cybercrime: Western Europe and North America

Brazilian Trojan Bankers Now Digitally Signed

Carberp: it’s not over yet

Mobile Malware Evolution, Part 5

The ‘Chupa Cabra’ malware: attacks on payment devices

IT Threat Evolution: Q3 2011

Steganography or encryption in bankers?

SpyEye vs. Tracker

Latin American banks under fire from the Mexican VOlk-Botnet

ZeuS-in-the-Mobile – Facts and Theories

Reports

Kimsuky targets organizations with PebbleDash-based tools

OceanLotus suspected of using PyPI to deliver ZiChatBot malware

Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India

HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns

Subscribe to our weekly e-mails