David García

In a professional career of more than 9 years, he has been involved in multiple projects, the most important being in the fields of managed security, anti-fraud and ethical hacking services, and malware analysis. He has contributed his know-how and security-related improvements to a wide variety of fraud and vulnerability analysis products. He currently oversees the smooth running of our different products and researches current fraud developments in order to showcase buguroo overseas and to provide the development department with feedback on the latest malware and cybercriminal trends.

Blog Post by David García

David García Sep 30, 2021 2 min read

Vultur: Theft of Credentials through the Accessibility Event Log together with the Recording of the Infected Device's Screen

Researchers at ThreatFabric detected a new Remote Access Trojan (RAT) for Android used to steal banking credentials from its victims.
David García Sep 21, 2021 2 min read

Coper: Use of Phishing Injections (Overlays) and the Log of Accessibility Events (Keylogging)

In July, a new family of banking malware for Android mobile devices was detected. 
David García Sep 17, 2021 8 min read

TeaBot: Banking Trojan for Android

As we've already discussed in previous articles, mobile phones are not free from banking trojans. This time we are going to be talking about a trojan for Android that was discovered by the Threat Intelligence and Incident Response (TIR) team at ...
David García Aug 16, 2021 3 min read

Medusa Banking Trojan exploits several Social Networks to communicate with Control Server

Medusa is a banking trojan that started out in July 2020. During the summer of that year, new campaigns from this family were detected, although new samples were no longer seen after September. 
David García May 31, 2021 9 min read

Malware in SolarWinds: GoldMax, Sibot and GoldFinder

Ever since the attack using SolarWinds components became known last December, researchers have continued to analyze its wake. Not only to uncover its scope, but also to understand all of its parts and thus improve the detection systems to avoid ...
David García May 27, 2021 9 min read

New Distribution Chain Detected for the Javali Banking Trojan

In recent years, an increase in banking trojans developed by attackers in Latin America has been detected, and their implementations have become more sophisticated, as we will see from the recently detected findings.
David García May 17, 2021 8 min read

Sending of a Secure Electronic Comms: New Campaign by the Mekotio Banking Trojan

This isn't the first time that a trojan has used spam campaigns to distribute itself; in fact, it's very common as we've already seen in numerous articles on the blog.
David García Feb 17, 2021 7 min read

VADOKRIST: Banking malware targeting Brazilian entities

Vadokrist is a banking trojan designed to steal banking credentials from mainly Brazilian entities. As such, it shares some of its functionalities with other families such as Grandoreiro or Mekotio, which also target Latin America in particular.
David García Feb 5, 2021 4 min read

2020 Banking Malware Report

2020 has been a year marked by a virus, not one of the ones we usually talk about, but a biological one. COVID-19 monopolized people's attention the past year, including among malware developers.
David García Feb 1, 2021 8 min read

SUNBURST: The backdoor present in SolarWinds Orion updates

On December 8th, FireEye announced that it had suffered an attack in which the company's proprietary Red Team tools were exposed. In response, they published IOCs that allow the use of the tools to be identified.
David García Jan 25, 2021 3 min read

MISPADU: theft of credentials through keylogging

Since June of this year and throughout the last quarter of the year, a banking malware for Windows systems has been increasing its number of victims and stealing their banking credentials. Mispadu is a Brazilian banking trojan that has been around ...
David García Jan 7, 2021 3 min read

BBTOK: malware focused on infection and credential theft of Mexicans

BBtok is a new banking trojan whose authors seem to be focused, at least for the time being, on infecting and stealing the credentials of Mexican users. In the event that the victim who executes the dropper sent by email does not use a Mexican ...