banking trojan

Pierluigi Paganini July 31, 2021
Android Banking Trojan Vultur uses screen recording for credentials stealing

Experts spotted a new strain of Android banking Trojan dubbed Vultur that uses screen recording and keylogging for the capturing of login credentials. ThreatFabric researchers discovered a new Android banking Trojan, tracked as Vultur, that uses screen recording and keylogging to capture login credentials. Vultur was first spotted in late March 2021, it gains full […]

Pierluigi Paganini November 20, 2020
QakBot Big Game Hunting continues: the operators drop ProLock ransomware for Egregor

The QakBot banking trojan has dropped the ProLock ransomware, they are now opting for the Egregor ransomware in their operations. Group-IB, a global threat hunting and intelligence company headquartered in Singapore, has discovered that QakBot (aka Qbot) operators have abandoned ProLock for Egregor ransomware. Egregor has been actively distributed since September 2020 and has so far hit […]

Pierluigi Paganini November 10, 2020
Tetrade hackers target 112 financial apps with Ghimob banking Trojan

Researchers from Kaspersky Lab spotted a new Android banking Trojan, dubbed Ghimob, that is able to steal data from 112 financial Apps Ghimob is a new Android banking Trojan discovered by Kaspersky that is able to steal data from 112 financial apps. In July, cybersecurity researchers from Kaspersky Lab have detailed four different families of […]

Pierluigi Paganini September 16, 2020
Source code of Cerberus banking Trojan leaked on underground forums

The source code of the infamous Cerberus banking Trojan has been released for free on underground hacking forums following a failed auction.  The author of the Cerberus banking Trojan has released the source code of the malware on underground hacking forums following a failed auction.  In July, the authors of the notorious Cerberus Android banking trojan auctioned […]

Pierluigi Paganini July 20, 2020
Tedrade banking malware families target users worldwide

The Tetrade term coined by Kaspersky experts to refer four large banking trojan families developed and spread by Brazilian crooks worldwide. Cybersecurity researchers from Kaspersky Lab have detailed four different families of Brazilian banking trojans, tracked as Tetrade, that have targeted financial institutions in Brazil, Latin America, and Europe. The four malware families are named Guildma, Javali, […]

Pierluigi Paganini March 25, 2020
Fake Coronavirus Finder spread Ginp Mobile Banker

Security experts have spotted a new COVID-themed campaign aimed at distributing the Ginp Mobile Banker with “Coronavirus Finder” lure. With the COVID19 outbreak, the number of Coronavirus-themed attacks is rapidly increasing. Kaspersky Lab experts have uncovered a malicious campaign that is spreading the Android banking trojan Ginp masquerade as a Coronavirus Finder. “Cybercriminals behind Ginp, […]

Pierluigi Paganini March 19, 2020
Experts found a new TrickBot module (rdpScanDll) built for RDP bruteforcing operations

A new variant of the TrickBot malware is targeting telecommunications organizations in the United States and Hong Kong. Security experts from Bitdefender recently discovered a new TrickBot variant that is targeting telecommunications organizations in the United States and Hong Kong. TrickBot is a popular banking Trojan that has been around since October 2016, its authors have continuously […]

Pierluigi Paganini August 17, 2019
New DanaBot banking Trojan campaign targets Germany

The DanaBot banking Trojan continues to evolve and spread across the continents, now moving from Australia to European countries.  DanaBot is a multi-stage modular banking Trojan written in Delphi that first appeared on the threat landscape in 2018. The malware implements a modular structure that allows operators to add new functionalities by adding new plug-ins. The […]

Pierluigi Paganini July 01, 2019
New variant of Dridex banking Trojan implements polymorphism

Security researchers at eSentire tracked a new campaign spreading a variant of the Dridex banking Trojan that shows polymorphism. Security experts at eSentire observed a new campaign spreading a variant of the Dridex banking Trojan that implements polymorphism. The Dridex banking Trojan that has been around since 2014, it was involved in numerous campaigns against financial institutions over the […]

Pierluigi Paganini May 06, 2019
Retefe Banking Trojan resurfaces in the threat landscape with innovations

Security experts at Proofpoint warn of the resurfacing of the Retefe banking Trojan that implements new techniques to avoid detection. The Retefe banking Trojan resurfaces in that threat landscape and implements new techniques to avoid detection. The new variant resurfaced in April, it uses the stunnel encrypted tunneling mechanism and abuses a legitimate shareware app. […]