David Morán

David has more than 15 years’ experience in cybersecurity, systems and development, starting out in an extinct hacking team known as Badchecksum. He collaborated on Defcon 19 with the Painsec security team. He is versed in scalable environments thanks to his work at the Tuenti social network with a traffic load of over 12Gbps. He has been involved with buguroo almost since the outset and has taken part in all the tools developed by the company, including source code analysers, malware analysis, cyber intelligence, etc. He also has in-depth knowledge of the Linux kernel, having developed LKMs that acted as rootkits as well as malware for Windows environments. He is currently the head of Revelock’s development team, managing task distribution and negotiating with the Head of Technology.

Blog Post by David Morán

David Morán Sep 13, 2021 9 min read

New Spam Campaigns with a Variant of IcedID

Carrying out spam campaigns by email is one of attackers' most widely used means for introducing banking trojans among users. Today we are going to be talking about a campaign that Kaspersky researchers have observed, in which they have found ...
David Morán Aug 23, 2021 10 min read

Ursnif and Cerberus: A Combined Attack

On this occasion, we are going to talk about Ursnif, also known as Gozi, and how it uses the Cerberus functionalities to automate fraudulent bank transactions.
David Morán Aug 9, 2021 11 min read

Toddler Expands its Range of Affected European Entities

Today we are going to talk about Toddler, also known as NotFlubot, Anatsa or Teabot, a banking trojan for Android that we have talked a lot about in this report, and that was discovered for the first time in January of this year.
David Morán Jul 26, 2021 2 min read

Bizarro: Infected Through Malicious Macros

Bizarro is a banking trojan whose main targets are Latin American banking entities, although in the last year it has begun to take an interest in European entities, mainly Spanish and Italian.
David Morán Jul 20, 2021 6 min read

Flubot: Text Messages impersonating Delivery Services Companies

There are already several families of banking malware for Android that we have seen appear at the beginning of 2021, such as Toddler, Oscorp, and now, FluBot.
David Morán Jun 29, 2021 4 min read

Oscorp: Android banking Trojan to steal cryptocurrency and 2FA codes

Oscorp is the new banking trojan that has appeared in the world of Android bankers at the beginning of 2021.
David Morán Jun 14, 2021 6 min read

Updates to REvil ransomware

The REvil (Sodinokibi) ransomware has been the subject of several news articles related to cybersecurity in recent months. For example, one of the most notorious was the infection suffered by Acer, with a ransom of 50 million dollars that rose to ...
David Morán May 24, 2021 8 min read

Osiris Banking Trojan for Windows

Morphisec identified a new campaign targeting German clients, characterized by the download of an Osiris client with the ability to communicate via Tor with the command-and-control server (C2).
David Morán Mar 15, 2021 2 min read

Toddler: Credential theft overlays and accessibility event logging

In January of 2021, a new family of previously undetected banking malware was discovered. The samples were found on the VirusTotal and Koodous malware analysis platforms.
David Morán Jan 20, 2021 9 min read

2021 Banking Malware Trends

This past 2020 has been a year full of high-profile attacks and notorious vulnerabilities, set against a pandemic climate that cybercriminals have taken advantage of.
David Morán Dec 9, 2020 12 min read

Malware Authors Update Themselves: Blockchain-Based Decentralized DNS

Perhaps one of the biggest news stories from last October was the operation carried out by Microsoft and its partners, under the protection of a court order, to dismantle Trickbot, a banking trojan that has evolved to become a "mule" of various ...
David Morán Nov 30, 2020 8 min read

Wroba: Banking Malware Spreads Across the US via SMS

New samples of this trojan were encountered on the smartphones of US users, which points to the possibility of a campaign aimed at expanding the number of affected users in these areas.