Threat Category: Financial threats | Page 23

Regular readers of this blog and our analytical articles may remember that in summer last year we wrote about a new variant of Bancos.aam designed to steal data from users of QUIK, a Russian Internet trading system

Virus Descriptions 101

This report provides an overview of different types of keyloggers, gives examples of losses caused by keyloggers, and provides recommendations on how to protect against them.

The first part of this report examines what cybercriminals steal from individual users

New GpCode with a 660 bit key cracked by Kaspersky Lab!

We have been investigating the source of the recent outbreak of the cyber-blackmail virus GpCode, which is on the loose in the Russian Internet.

New Sinowal variant claims to be from Microsoft. Sinowal is a family of password stealing Trojans which steals usernames/passwords entered via forms in an internet browser.

Yesterday I received a sample which seemed quite interesting. Turns out that the specimen was a bank Trojan which specifically targets (among others) a Dutch bank.

Over the last couple of days there’s been quite a lot of talk about a Trojan + rootkit called Hearse. We detect this malware as Trojan-Spy.Win32.Goldun.im.

Kaspersky Lab analysts have traced the source of Krotten (see yesterday’s blog by Yury Mashevsky for more information).

The program was spreading disguised as a program which would generate codes to top up mobile phones. It was placed on a site located in Russia which was hosted free of charge….

We’re starting to see a growth in the number of malicious programs which are being used to get money out of users – a type of cyber extortion.

To coincide with the release of the annual mid-year card fraud figures, APACS (the UK payments association) is launching a fraud awareness campaign using its Card Watch and Bank Safe Online initiatives.

The latest variants of Bagle that we’ve detected over the past five days show that the virus writer behind this worm is shifting focus to on-line banks and payment systems.

Police in Italy have arrested almost 40 people so far in conjunction with credit card fraud.

Recently we’ve noticed several versions of one malicious program spreading. The program encrypts users files.

Reports

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.

Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.

Financial threats

Turning a QUIK buck

Virus Descriptions 101

Keyloggers: How they work and how to detect them (Part 1)

Computers, Networks and Theft

New GpCode with a 660 bit key

Latest info on the GpCode infections

Trojan-PSW spammed in Germany

First Trojan targetting Dutch bank found

New Bank Trojans

Krotten source traced – for the moment

Your money or your system registry

More online safety advice

Bagle targeting banks

Credit card gang busted in Italy

Malicious encryption programs

Reports

Sleep with one eye open: how Librarian Ghouls steal data by night

Operation SyncHole: Lazarus APT goes back to the well

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

GOFFEE continues to attack organizations in Russia

Subscribe to our weekly e-mails