Toddler: Credential theft overlays and accessibility event logging
In January of 2021, a new family of previously undetected banking malware was discovered. The samples were found on the VirusTotal and Koodous malware analysis platforms.
VADOKRIST: Banking malware targeting Brazilian entities
Vadokrist is a banking trojan designed to steal banking credentials from mainly Brazilian entities. As such, it shares some of its functionalities with other families such as Grandoreiro or Mekotio, which also target Latin America in particular.
2020 Banking Malware Report
2020 has been a year marked by a virus, not one of the ones we usually talk about, but a biological one. COVID-19 monopolized people's attention over the past year, including that of malware developers.
SUNBURST: The backdoor present in SolarWinds Orion updates
On December 8th, FireEye announced that it had suffered an attack in which the company's proprietary Red Team tools were exposed. In response, they published IOCs that allow the use of the tools to be identified.
MISPADU: theft of credentials through keylogging
Since June of this year and throughout the last quarter of the year, a banking malware for Windows systems has been increasing its number of victims and stealing their banking credentials. Mispadu is a Brazilian banking trojan that has been around ...
Revelock's 3 online fraud predictions for 2021
As for many other industries, 2020 was a turbulent year for the world of online banking fraud and behavioral biometrics.
2021 Banking Malware Trends
2020 was a year full of high-profile attacks and notorious vulnerabilities, set against a pandemic climate that cybercriminals have taken advantage of.
The Salami Attack in Cyber Crime
In 1940, the leader of the Hungarian Workers' Party, Mátyás Rákosi, devised a strategy to eliminate the other parties with the intention of creating a communist regime in that country. This strategy consisted of accusing certain rival politicians, ...
BBTOK: malware focused on infection and credential theft of Mexicans
BBtok is a new banking trojan whose authors seem to be focused, at least for the time being, on infecting and stealing the credentials of Mexican users. In the event that the victim who executes the dropper sent by email does not use a Mexican ...
GRANDOREIRO: fraud based on code injections and phishing
Grandoreiro (also known as Delephant) is one of the most active Windows banking trojans in recent months. Its developers seem to be especially interested in Spanish and Latin American users, since the affected banking entities belong to these ...
TrickBoot: TrickBot Module That Interacts with UEFI/BIOS Firmware
TrickBot is a modular malware that has been involved in numerous campaigns, used most recently for the deployment of other malware. The latest enhancements to this malware include a module that inspects devices for firmware vulnerabilities.
Malware Authors Update Themselves: Blockchain-Based Decentralized DNS
Perhaps one of the biggest news stories from last October was the operation carried out by Microsoft and its partners, under the protection of a court order, to dismantle Trickbot, a banking trojan that has evolved to become a "mule" of various ...