Threat Category: Financial threats | Page 22

Amongst some others the Zeus bot is one of the most prolific bots in the wild and in the media. Lately there has been quite a few reports on the aspects surrounding Zeus, such as new research and the Troyak takedown.

What wonderful times we live in! Thanks to the development of the Internet, we can purchase things and pay for services quickly and easily. Things have become incredibly convenient.

Today’s bank customers face the very real threat of losing their hard-earned cash if their online banking identities are stolen by cybercriminals.

Fabio, our researcher in Brazil, has noticed malware authors using an old trick to mask URLs. The trick involves specifying an IP address such as say, 66.102.13.19 in a numerical base other than base 10.

Malicious programs targeting the confidential data used to access online banking systems have long been the bane of financial organizations worldwide

It’s holiday time, and of course the bad guys know that shopping is a popular activity during this period, particularly in Europe and the US.

During routine malware analysis we sometimes find new techniques which are being used by Brazilian cybercriminals to remove security protection.

We’ve had a number of people contacting us with queries about ‘Kaspersky Lab Antivirus Online’ after their computer showed them the ransom message.

Today we heard a disturbing rumor about a new version of Gpcode. We immediately began talking to victims and trawling the Internet for samples.

Our previous blog on Gpcode said we’d managed to find a way to restore files in addition to those files that can be restored using the PhotoRec utility.

Our StopGpcode project has attracted a lot of attention from individual researchers and organizations who are interested in solving the puzzle of the blackmailing virus. Thanks for all of the feedback.

Currently, it’s not possible to decrypt files encrypted by Gpcode.ak without the private key. However, there is a way in which encrypted files can be restored to their original condition.

The whole new Gpcode outbreak has set me thinking about attackers and victims in general. Yes, decrypting the key used by the new Gpcode is a thorny problem and there’s no guarantee of success. So I’d like to remind everyone that common sense is as improtant as good technology.

Passivity on the…

Along with antivirus companies around the world, we’re faced with the task of cracking the RSA 1024-bit key. This is a huge cryptographic challenge.

Following on from Vitaly’s post about the new Gpcode variant, I just thought I’d remind everyone to back up their data.

Reports

Kaspersky GReAT experts dive deep into the BlueNoroff APT’s GhostCall and GhostHire campaigns. Extensive research detailing multiple malware chains targeting macOS, including a stealer suite, fake Zoom and Microsoft Teams clients and ChatGPT-enhanced images.

Kaspersky researchers discovered previously unidentified commercial Dante spyware developed by Memento Labs (formerly Hacking Team) and linked it to the ForumTroll APT attacks.

Kaspersky GReAT experts describe the latest Mysterious Elephant APT activity. The threat actor exfiltrates data related to WhatsApp and employs tools such as BabShell and MemLoader HidenDesk.

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Financial threats

Will the real Zeus botnet please stand up?

ZeuS on the Hunt

Malicious Javascript vs. card reader

New Brazilian banking Trojans recycle old URL obfuscation tricks

Lock, stock and two smoking Trojans: bank robbery in the 21st century

Cybercriminals go shopping

Friendly fire

Not Kaspersky

Gpcode – here we go again

Another way of restoring files after a Gpcode attack

Gpcode update

Restoring files attacked by Gpcode.ak

Don’t be a victim

Help crack Gpcode

A cautionary reminder

Reports

Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs

Mem3nt0 mori – The Hacking Team is back!

Mysterious Elephant: a growing threat

Sleep with one eye open: how Librarian Ghouls steal data by night

Subscribe to our weekly e-mails