Threat Category: Financial threats | Page 23

Following on from Vitaly’s post about the new Gpcode variant, I just thought I’d remind everyone to back up their data.

We’ve detected a new variant of Gpcode – a dangerous file-encryptor. It encrypts a whole variety of user files, targeting files with extensions such as DOC, TXT, PDF, XLS, JPG, PNG, CPP, H etc.

There’s been an update on the Trojan case we mentioned earlier this week – a 24 year old has been sentenced to five and a half years for computer crime.

Regular readers of this blog and our analytical articles may remember that in summer last year we wrote about a new variant of Bancos.aam designed to steal data from users of QUIK, a Russian Internet trading system

Virus Descriptions 101

This report provides an overview of different types of keyloggers, gives examples of losses caused by keyloggers, and provides recommendations on how to protect against them.

The first part of this report examines what cybercriminals steal from individual users

New GpCode with a 660 bit key cracked by Kaspersky Lab!

We have been investigating the source of the recent outbreak of the cyber-blackmail virus GpCode, which is on the loose in the Russian Internet.

New Sinowal variant claims to be from Microsoft. Sinowal is a family of password stealing Trojans which steals usernames/passwords entered via forms in an internet browser.

Yesterday I received a sample which seemed quite interesting. Turns out that the specimen was a bank Trojan which specifically targets (among others) a Dutch bank.

Over the last couple of days there’s been quite a lot of talk about a Trojan + rootkit called Hearse. We detect this malware as Trojan-Spy.Win32.Goldun.im.

Kaspersky Lab analysts have traced the source of Krotten (see yesterday’s blog by Yury Mashevsky for more information).

The program was spreading disguised as a program which would generate codes to top up mobile phones. It was placed on a site located in Russia which was hosted free of charge….

We’re starting to see a growth in the number of malicious programs which are being used to get money out of users – a type of cyber extortion.

To coincide with the release of the annual mid-year card fraud figures, APACS (the UK payments association) is launching a fraud awareness campaign using its Card Watch and Bank Safe Online initiatives.

Reports

Kaspersky experts analyze the ToddyCat APT attacks targeting corporate email. We examine the new version of TomBerBil, the TCSectorCopy and XstReader tools, and methods for stealing access tokens from Outlook.

Kaspersky GReAT experts dive deep into the BlueNoroff APT’s GhostCall and GhostHire campaigns. Extensive research detailing multiple malware chains targeting macOS, including a stealer suite, fake Zoom and Microsoft Teams clients and ChatGPT-enhanced images.

Kaspersky researchers discovered previously unidentified commercial Dante spyware developed by Memento Labs (formerly Hacking Team) and linked it to the ForumTroll APT attacks.

Kaspersky GReAT experts describe the latest Mysterious Elephant APT activity. The threat actor exfiltrates data related to WhatsApp and employs tools such as BabShell and MemLoader HidenDesk.

Financial threats

A cautionary reminder

Gpcode: the return of the file encryptor

QUIK conviction

Turning a QUIK buck

Virus Descriptions 101

Keyloggers: How they work and how to detect them (Part 1)

Computers, Networks and Theft

New GpCode with a 660 bit key

Latest info on the GpCode infections

Trojan-PSW spammed in Germany

First Trojan targetting Dutch bank found

New Bank Trojans

Krotten source traced – for the moment

Your money or your system registry

More online safety advice

Reports

ToddyCat: your hidden email assistant. Part 1

Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs

Mem3nt0 mori – The Hacking Team is back!

Mysterious Elephant: a growing threat

Subscribe to our weekly e-mails