David has more than 15 years’ experience in cybersecurity, systems and development, starting out in an extinct hacking team known as Badchecksum. He collaborated on Defcon 19 with the Painsec security team. He is versed in scalable environments thanks to his work at the Tuenti social network with a traffic load of over 12Gbps. He has been involved with buguroo almost since the outset and has taken part in all the tools developed by the company, including source code analysers, malware analysis, cyber intelligence, etc. He also has in-depth knowledge of the Linux kernel, having developed LKMs that acted as rootkits as well as malware for Windows environments. He is currently the head of Revelock’s development team, managing task distribution and negotiating with the Head of Technology.
Blog Post by David Morán
David Morán Sep 13, 2021 9 min read
New Spam Campaigns with a Variant of IcedID
Carrying out spam campaigns by email is one of attackers' most widely used means for introducing banking trojans among users. Today we are going to be talking about a campaign that Kaspersky researchers have observed, in which they have found ...
David Morán Aug 23, 2021 10 min read
Ursnif and Cerberus: A Combined Attack
On this occasion, we are going to talk about Ursnif, also known as Gozi, and how it uses the Cerberus functionalities to automate fraudulent bank transactions.
David Morán Aug 9, 2021 11 min read
Toddler Expands its Range of Affected European Entities
Today we are going to talk about Toddler, also known as NotFlubot, Anatsa or Teabot, a banking trojan for Android that we have talked a lot about in this report, and that was discovered for the first time in January of this year.
David Morán Jul 26, 2021 2 min read
Bizarro: Infected Through Malicious Macros
Bizarro is a banking trojan whose main targets are Latin American banking entities, although in the last year it has begun to take an interest in European entities, mainly Spanish and Italian.
David Morán Jul 20, 2021 6 min read
Flubot: Text Messages impersonating Delivery Services Companies
There are already several families of banking malware for Android that we have seen appear at the beginning of 2021, such as Toddler, Oscorp, and now, FluBot.
David Morán Jun 29, 2021 4 min read
Oscorp: Android banking Trojan to steal cryptocurrency and 2FA codes
Oscorp is the new banking trojan that has appeared in the world of Android bankers at the beginning of 2021.
David Morán Jun 14, 2021 6 min read
Updates to REvil ransomware
The REvil (Sodinokibi) ransomware has been the subject of several news articles related to cybersecurity in recent months. For example, one of the most notorious was the infection suffered by Acer, with a ransom of 50 million dollars that rose to ...
David Morán May 24, 2021 8 min read
Osiris Banking Trojan for Windows
Morphisec identified a new campaign targeting German clients, characterized by the download of an Osiris client with the ability to communicate via Tor with the command-and-control server (C2).
David Morán Mar 15, 2021 2 min read
Toddler: Credential theft overlays and accessibility event logging
In January of 2021, a new family of previously undetected banking malware was discovered. The samples were found on the VirusTotal and Koodous malware analysis platforms.
David Morán Jan 20, 2021 9 min read
2021 Banking Malware Trends
This past 2020 has been a year full of high-profile attacks and notorious vulnerabilities, watered with a pandemic climate that cybercriminals have taken advantage of.
David Morán Dec 9, 2020 12 min read
Malware Authors Update Themselves: Blockchain-Based Decentralized DNS
Perhaps one of the biggest news stories from last October was the operation carried out by Microsoft and its partners, under the protection of a court order, to dismantle Trickbot, a banking trojan that has evolved to become a "mule" of various ...
David Morán Nov 30, 2020 8 min read
Wroba: Banking Malware Spreads Across the US via SMS
New samples of this trojan were encountered on the smartphones of US users, which points to the possibility of a campaign aimed at expanding the number of affected users in these areas.