Threat Category: Financial threats | Page 22

Well, today I found that Amazon Web services (Cloud) now is being used to spread financial data stealers.

Kaspersky Lab detected the first rootkit banker created to infect 64-bit systems. It was detected in a drive-by-download attack made by Brazilian cybercriminals.

A little while ago it became clear that the ZeuS program design had been passed on to the creator of another competitor Trojan called SpyEye

New version of ZeuS in the Mobile (now also for Windows Mobile) appeared. ZeuS in the Mobile for Blackberry devices has just been discovered.

GpCode initially appeared in 2004, new versions appeared annually until 2008 and then a long silence – and now, a new and powerful GpCode-like ransomware is atttacking.

Amongst some others the Zeus bot is one of the most prolific bots in the wild and in the media. Lately there has been quite a few reports on the aspects surrounding Zeus, such as new research and the Troyak takedown.

What wonderful times we live in! Thanks to the development of the Internet, we can purchase things and pay for services quickly and easily. Things have become incredibly convenient.

Today’s bank customers face the very real threat of losing their hard-earned cash if their online banking identities are stolen by cybercriminals.

Fabio, our researcher in Brazil, has noticed malware authors using an old trick to mask URLs. The trick involves specifying an IP address such as say, 66.102.13.19 in a numerical base other than base 10.

Malicious programs targeting the confidential data used to access online banking systems have long been the bane of financial organizations worldwide

It’s holiday time, and of course the bad guys know that shopping is a popular activity during this period, particularly in Europe and the US.

During routine malware analysis we sometimes find new techniques which are being used by Brazilian cybercriminals to remove security protection.

We’ve had a number of people contacting us with queries about ‘Kaspersky Lab Antivirus Online’ after their computer showed them the ransom message.

Today we heard a disturbing rumor about a new version of Gpcode. We immediately began talking to victims and trawling the Internet for samples.

Our previous blog on Gpcode said we’d managed to find a way to restore files in addition to those files that can be restored using the PhotoRec utility.

Reports

Kaspersky researchers analyze updated CoolClient backdoor and new tools and scripts used in HoneyMyte (aka Mustang Panda or Bronze President) APT campaigns, including three variants of a browser data stealer.

Kaspersky discloses a 2025 HoneyMyte (aka Mustang Panda or Bronze President) APT campaign, which uses a kernel-mode rootkit to deliver and protect a ToneShell backdoor.

Kaspersky GReAT experts analyze the Evasive Panda APT’s infection chain, including shellcode encrypted with DPAPI and RC5, as well as the MgBot implant.

Kaspersky expert describes new malicious tools employed by the Cloud Atlas APT, including implants of their signature backdoors VBShower, VBCloud, PowerShower, and CloudAtlas.

Financial threats

Financial data stealing Malware now on Amazon Web Services Cloud

Rootkit Banker – now also to 64-bit

ZeuS lives!

ZeuS in the Mobile is back

GpCode-like Ransomware Is Back

Will the real Zeus botnet please stand up?

ZeuS on the Hunt

Malicious Javascript vs. card reader

New Brazilian banking Trojans recycle old URL obfuscation tricks

Lock, stock and two smoking Trojans: bank robbery in the 21st century

Cybercriminals go shopping

Friendly fire

Not Kaspersky

Gpcode – here we go again

Another way of restoring files after a Gpcode attack

Reports

HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns

The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor

Evasive Panda APT poisons DNS requests to deliver MgBot

Cloud Atlas activity in the first half of 2025: what changed

Subscribe to our weekly e-mails