Malware

Pierluigi Paganini July 15, 2014
Kronos, the new banking trojan from Russian underground

Experts at Trusteer have recently discovered an adv on the Russian underground market regarding a new financial Trojan dubbed Kronos. Russian underground is probably the most prolific market for sale of banking malware, malicious code like Citadel, Zeus, Gozi have infected millions computers worldwide dominating the malware threat landscape. The huge demand for banking trojan  is creating the conditions […]

Pierluigi Paganini July 12, 2014
GameOver Zeus Reloaded – a new improved version in the wild

Experts from Malcovery Security have discovered that the Gameover Zeus botnet is reborn, a new improved version has emerged from the underground. A few weeks ago we have praised a multinational effort for the takeover of the Gameover Zeus botnet, one of the most long-lived and dangerous malicious infrastructure composed by a number of compromised computers ranging from 500,000 […]

Pierluigi Paganini July 11, 2014
Source code of Tinba banking malware leaked

Security Experts at Danish CSIS Security Group have discovered that source code of Tinba banking trojan was published on an underground forum. The source code for Tinba banking trojan, aka Tinybanker, has been leaked in the cybercrime ecosystem, the malware is recognized as the smallest banking malicious code in the wild and it is available on an underground forum. The […]

Pierluigi Paganini July 10, 2014
Facebook dismantled Lecpetex botnet which infected 250,000 Computers

Facebook in a joint operation with the Greek Cyber Crime Division dismantled the Lecpetex botnet, which infected 250,000 Computers in different countries. Facebook has announced to have successfully conducted the takeover of the Lecpetex botnet  in Greece. The bad actors operating in Greece were using the popular social media platform for illicit activities, including data stealing, malware distribution […]

Pierluigi Paganini July 09, 2014
Deep Panda hacking team targeting US experts on Iraq

Researchers at CrowdStrike reveal that hacking team dubbed Deep Panda is targeting US think thank firms with a significant knowledge on the Iraqi situation. CrowdStrike security firm revealed that a group of hackers, suspected to be linked to the Chinese cyber army, began targeting PCs belonging to think thank firms which are analyzing the Iraqi situation. Experts at […]

Pierluigi Paganini July 05, 2014
Massive Boleto fraud in Brazil caused 3,75 USD billion losses

RSA Security has discovered a large-scale malware campaign, which hijacked Boleto payments causing an amount of financial losses for 3,75 USD billion losses. Security experts at RSA Security have recently discovered a large-scale malware campaign that’s been operating at least for two years, the malicious code implements the man-in-the-browser technique to exploit vulnerabilities in popular browsers, including Chrome, Firefox […]

Pierluigi Paganini July 03, 2014
CosmicDuke malware surprisingly linked to Miniduke campaign

While investigating on MiniDuke malware, experts at F-Secure discovered a surprising link to a new malware, dubbed CosmicDuke, belonging to Cosmu family. Early 2013 experts at Kaspersky Lab and Hungary’s Laboratory of Cryptography and System Security (CrySyS) uncovered a cyber espionage campaign dubbed Miniduke which targeted dozens of computers at government agencies across Europe. The hackers exploited a […]

Pierluigi Paganini July 03, 2014
Geodo, the banking trojan with email self-spreading feature

Security researchers from Seculert firm have discovered a variant of the Cridex banking worm, dubbed Geodo, which spreads itself through email. In the last months a significant number of banking trojans have been proposed by cyber criminal ecosystem, from EMOTET to Dyreza, criminals have used a wide casuistry of techniques to deceive bank customers. The primary purpose of the […]

Pierluigi Paganini July 02, 2014
Dragonfly gang is targeting Western energy industry

Security experts at Symantec have detected a new series of attacks worldwide conducted by the Dragonfly gang on SCADA/ICS in critical infrastructure. The energy industry is under attack, more than one thousand companies in Europe and North America are constantly under attack. ICS/SCADA systems are privileged targets of state-sponsored hackers and cyber criminals, last week I wrote […]

Pierluigi Paganini June 29, 2014
Selfmite, the rare Android worm which spreads itself by sending SMS

Experts at AdaptiveMobile discovered a rare Android SMS worm dubbed Selfmite which spreads itself by sending SMS including a malicious link to the contact list. Security researchers at AdaptiveMobile have discovered a rare Android malware dubbed Selfmite that propagates via SMS text messages, the worm in fact sends malicious links to 20 contacts present in the device owner’s address book. Selfmite […]