Threat Category: Financial threats | Page 22

The whole new Gpcode outbreak has set me thinking about attackers and victims in general. Yes, decrypting the key used by the new Gpcode is a thorny problem and there’s no guarantee of success. So I’d like to remind everyone that common sense is as improtant as good technology.

Passivity on the…

Along with antivirus companies around the world, we’re faced with the task of cracking the RSA 1024-bit key. This is a huge cryptographic challenge.

Following on from Vitaly’s post about the new Gpcode variant, I just thought I’d remind everyone to back up their data.

We’ve detected a new variant of Gpcode – a dangerous file-encryptor. It encrypts a whole variety of user files, targeting files with extensions such as DOC, TXT, PDF, XLS, JPG, PNG, CPP, H etc.

There’s been an update on the Trojan case we mentioned earlier this week – a 24 year old has been sentenced to five and a half years for computer crime.

Regular readers of this blog and our analytical articles may remember that in summer last year we wrote about a new variant of Bancos.aam designed to steal data from users of QUIK, a Russian Internet trading system

Virus Descriptions 101

This report provides an overview of different types of keyloggers, gives examples of losses caused by keyloggers, and provides recommendations on how to protect against them.

The first part of this report examines what cybercriminals steal from individual users

New GpCode with a 660 bit key cracked by Kaspersky Lab!

We have been investigating the source of the recent outbreak of the cyber-blackmail virus GpCode, which is on the loose in the Russian Internet.

New Sinowal variant claims to be from Microsoft. Sinowal is a family of password stealing Trojans which steals usernames/passwords entered via forms in an internet browser.

Yesterday I received a sample which seemed quite interesting. Turns out that the specimen was a bank Trojan which specifically targets (among others) a Dutch bank.

Over the last couple of days there’s been quite a lot of talk about a Trojan + rootkit called Hearse. We detect this malware as Trojan-Spy.Win32.Goldun.im.

Kaspersky Lab analysts have traced the source of Krotten (see yesterday’s blog by Yury Mashevsky for more information).

The program was spreading disguised as a program which would generate codes to top up mobile phones. It was placed on a site located in Russia which was hosted free of charge….

Reports

Kaspersky researchers analyze EAGERBEE backdoor modules, revealing a possible connection to the CoughingDown APT actor.

While investigating an incident involving the BellaCiao .NET malware, Kaspersky researchers discovered a C++ version they dubbed “BellaCPP”.

Lazarus targets employees of a nuclear-related organization with a bunch of malware, such as MISTPEN, LPEClient, RollMid, CookieTime and a new modular backdoor CookiePlus.

Kaspersky researchers analyze 2019, 2022 and 2024 attacks attributed to Careto APT with medium to high confidence.

Financial threats

Don’t be a victim

Help crack Gpcode

A cautionary reminder

Gpcode: the return of the file encryptor

QUIK conviction

Turning a QUIK buck

Virus Descriptions 101

Keyloggers: How they work and how to detect them (Part 1)

Computers, Networks and Theft

New GpCode with a 660 bit key

Latest info on the GpCode infections

Trojan-PSW spammed in Germany

First Trojan targetting Dutch bank found

New Bank Trojans

Krotten source traced – for the moment

Reports

EAGERBEE, with updated and novel components, targets the Middle East

BellaCPP: Discovering a new BellaCiao variant written in C++

Lazarus group evolves its infection chain with old and new malware

Careto is back: what’s new after 10 years of silence?

Subscribe to our weekly e-mails