Online Banking Fraud Blog

David García Sep 30, 2021 2 min read

Vultur: Theft of Credentials through the Accessibility Event Log together with the Recording of the Infected Device's Screen

Researchers at ThreatFabric detected a new Remote Access Trojan (RAT) for Android used to steal banking credentials from its victims.
Start Reading
David García Sep 21, 2021 2 min read

Coper: Use of Phishing Injections (Overlays) and the Log of Accessibility Events (Keylogging)

In July, a new family of banking malware for Android mobile devices was detected. 
Start Reading
David García Sep 17, 2021 8 min read

TeaBot: Banking Trojan for Android

As we've already discussed in previous articles, mobile phones are not free from banking trojans. This time we are going to be talking about a trojan for Android that was discovered by the Threat Intelligence and Incident Response (TIR) team at ...
Start Reading
David Morán Sep 13, 2021 9 min read

New Spam Campaigns with a Variant of IcedID

Carrying out spam campaigns by email is one of attackers' most widely used means for introducing banking trojans among users. Today we are going to be talking about a campaign that Kaspersky researchers have observed, in which they have found ...
Start Reading
David Morán Aug 23, 2021 10 min read

Ursnif and Cerberus: A Combined Attack

On this occasion, we are going to talk about Ursnif, also known as Gozi, and how it uses the Cerberus functionalities to automate fraudulent bank transactions.
Start Reading
David García Aug 16, 2021 3 min read

Medusa Banking Trojan exploits several Social Networks to communicate with Control Server

Medusa is a banking trojan that started out in July 2020. During the summer of that year, new campaigns from this family were detected, although new samples were no longer seen after September. 
Start Reading
David Morán Aug 9, 2021 11 min read

Toddler Expands its Range of Affected European Entities

Today we are going to talk about Toddler, also known as NotFlubot, Anatsa or Teabot, a banking trojan for Android that we have talked a lot about in this report, and that was discovered for the first time in January of this year.
Start Reading
David Morán Jul 26, 2021 2 min read

Bizarro: Infected Through Malicious Macros

Bizarro is a banking trojan whose main targets are Latin American banking entities, although in the last year it has begun to take an interest in European entities, mainly Spanish and Italian.
Start Reading
David Morán Jul 20, 2021 6 min read

Flubot: Text Messages impersonating Delivery Services Companies

There are already several families of banking malware for Android that we have seen appear at the beginning of 2021, such as Toodler, Oscorp, and now, FluBot.
Start Reading
David Morán Jun 29, 2021 4 min read

Oscorp: Android banking Trojan to steal cryptocurrency and 2FA codes

Oscorp is the new banking trojan that has appeared in the world of Android bankers at the beginning of 2021.
Start Reading
David Morán Jun 14, 2021 6 min read

Updates to REvil ransomware

The REvil (Sodinokibi) ransomware has been the subject of several news articles related to cybersecurity in recent months. For example, one of the most notorious was the infection suffered by Acer, with a ransom of 50 million dollars that rose to ...
Start Reading
David García May 31, 2021 9 min read

Malware in SolarWinds: GoldMax, Sibot and GoldFinder

Ever since the attack using SolarWinds components became known last December, researchers have continued to analyze its wake. Not only to uncover its scope, but also to understand all of its parts and thus improve the detection systems to avoid ...
Start Reading