Trojan

Pierluigi Paganini October 21, 2022
News URSNIF variant doesn’t support banking features

A new variant of the popular Ursnif malware is used as a backdoor to deliver next-stage payloads and steal sensitive data. Mandiant researchers warn of a significant shift from Ursnif‘s original purpose, the malware initially used in banking frauds is now used to deliver next-stage payloads and steal sensitive data. The new variant, first observed […]

Pierluigi Paganini November 15, 2021
QAKBOT Trojan returns using Squirrelwaffle as a dropper

Experts warn of a surge in infections of the QBot (aka Quakbot) banking trojan which seems to be associated with the rise of Squirrelwaffle. Researchers warn of a new wave of QBot (aka Qakbot) banking trojan infections that appears to be associated with the rise of Squirrelwaffle. “Toward the end of September 2021, we noted […]

Pierluigi Paganini February 19, 2021
New Masslogger Trojan variant exfiltrates user credentials

MassLogger Windows credential stealer infamous is back and it has been upgraded to steal credentials from Outlook, Chrome, and instant messenger apps. MassLogger Windows credential stealer is back and it has been upgraded to steal credentials from Outlook, Chrome, and instant messenger apps. Cisco Talos experts uncovered attacks against users in Turkey, Latvia, and Italy, the […]

Pierluigi Paganini January 14, 2021
Operation Spalax, an ongoing malware campaign targeting Colombian entities

Security experts from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax, against Colombian government institutions and private companies. Malware researchers from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax, against Colombian entities exclusively. The attacks aimed at government institutions and private companies, most of them in the energy and metallurgical sectors.  The campaign […]

Pierluigi Paganini December 01, 2020
Malicious npm packages spotted delivering njRAT Trojan

npm security staff removed two packages that contained malicious code to install the njRAT remote access trojan (RAT) on developers’ computers. Security staff behind the npm repository removed two packages that were found containing the malicious code to install the njRAT remote access trojan (RAT) on computers of JavaScript and Node.js developers who imported and […]

Pierluigi Paganini August 12, 2020
Agent Tesla includes new password-stealing capabilities from browsers and VPNs

Experts found new variants of Agent Tesla Trojan that include modules to steal credentials from popular web browsers, VPN software, as well as FTP and email clients. Researchers from SentinelOne discovered new variants of the popular Agent Tesla Trojan that includes new modules to steal credentials from applications including popular web browsers, VPN software, as […]

Pierluigi Paganini May 12, 2020
Zeus Sphinx continues to be used in Coronavirus-themed attacks

The Zeus Sphinx banking Trojan continues to evolve while receiving new updates it is employed in ongoing coronavirus-themed scams.  IBM security researcher continues to monitor the evolution of the infamous Zeus Sphinx banking Trojan (aka Zloader or Terdot) that receives frequent updates and that was involved in active coronavirus scams.  The Zeus Sphinx banking Trojan is based […]

Pierluigi Paganini May 07, 2020
Brazilian trojan banker is targeting Portuguese users using browser overlay

Since the end of April 2020, a new trojan has been affecting Portuguese users from several bank organizations. The modus operandi of this piece of malware is not new in Portugal. At least since the year of 2014 that new variants have been observed, with minor changes, and with the objective of collecting bank details […]

Pierluigi Paganini March 24, 2020
WildPressure, a new APT group targets the Middle East’s industrial sector

Security experts from Kaspersky Lab have uncovered the activity of a new threat actor, tracked as WildPressure, targeting the industrial sector in the Middle East. The WildPressure was spotted for the first time in August 2019 when researchers detected a never-before-seen malware that has no similarities with other samples analyzed by the experts. “In August […]

Pierluigi Paganini February 27, 2020
New strain of Cerberus Android banking trojan can steal Google Authenticator codes

Experts found a new version of the Cerberus Android banking trojan that can steal one-time codes generated by the Google Authenticator app and bypass 2FA. Security researchers from ThreatFabric warn of a new Android malware strain can now steal one-time passcodes (OTP) generated through Google Authenticator that is used as part of 2FA to protect online […]