Threat Category: Financial threats | Page 22

Along with antivirus companies around the world, we’re faced with the task of cracking the RSA 1024-bit key. This is a huge cryptographic challenge.

Following on from Vitaly’s post about the new Gpcode variant, I just thought I’d remind everyone to back up their data.

We’ve detected a new variant of Gpcode – a dangerous file-encryptor. It encrypts a whole variety of user files, targeting files with extensions such as DOC, TXT, PDF, XLS, JPG, PNG, CPP, H etc.

There’s been an update on the Trojan case we mentioned earlier this week – a 24 year old has been sentenced to five and a half years for computer crime.

Regular readers of this blog and our analytical articles may remember that in summer last year we wrote about a new variant of Bancos.aam designed to steal data from users of QUIK, a Russian Internet trading system

Virus Descriptions 101

This report provides an overview of different types of keyloggers, gives examples of losses caused by keyloggers, and provides recommendations on how to protect against them.

The first part of this report examines what cybercriminals steal from individual users

New GpCode with a 660 bit key cracked by Kaspersky Lab!

We have been investigating the source of the recent outbreak of the cyber-blackmail virus GpCode, which is on the loose in the Russian Internet.

New Sinowal variant claims to be from Microsoft. Sinowal is a family of password stealing Trojans which steals usernames/passwords entered via forms in an internet browser.

Yesterday I received a sample which seemed quite interesting. Turns out that the specimen was a bank Trojan which specifically targets (among others) a Dutch bank.

Over the last couple of days there’s been quite a lot of talk about a Trojan + rootkit called Hearse. We detect this malware as Trojan-Spy.Win32.Goldun.im.

Kaspersky Lab analysts have traced the source of Krotten (see yesterday’s blog by Yury Mashevsky for more information).

The program was spreading disguised as a program which would generate codes to top up mobile phones. It was placed on a site located in Russia which was hosted free of charge….

We’re starting to see a growth in the number of malicious programs which are being used to get money out of users – a type of cyber extortion.

Reports

While investigating an incident involving the BellaCiao .NET malware, Kaspersky researchers discovered a C++ version they dubbed “BellaCPP”.

Lazarus targets employees of a nuclear-related organization with a bunch of malware, such as MISTPEN, LPEClient, RollMid, CookieTime and a new modular backdoor CookiePlus.

Kaspersky researchers analyze 2019, 2022 and 2024 attacks attributed to Careto APT with medium to high confidence.

The report features the most significant developments relating to APT groups in Q3 2024, including hacktivist activity, new APT tools and campaigns.

Financial threats

Help crack Gpcode

A cautionary reminder

Gpcode: the return of the file encryptor

QUIK conviction

Turning a QUIK buck

Virus Descriptions 101

Keyloggers: How they work and how to detect them (Part 1)

Computers, Networks and Theft

New GpCode with a 660 bit key

Latest info on the GpCode infections

Trojan-PSW spammed in Germany

First Trojan targetting Dutch bank found

New Bank Trojans

Krotten source traced – for the moment

Your money or your system registry

Reports

BellaCPP: Discovering a new BellaCiao variant written in C++

Lazarus group evolves its infection chain with old and new malware

Careto is back: what’s new after 10 years of silence?

APT trends report Q3 2024

Subscribe to our weekly e-mails