Trojan-as-a-Service Hits Euro Banks, Crypto Exchanges

December 5, 2024 at 04:08PM The Android RAT “DroidBot” features keylogging and data monitoring, targeting banks and organizations. Active since mid-2024, it’s linked to 17 affiliate groups and 77 attacks in Europe, with plans to expand into Latin America. Researchers warn its evolution into malware-as-a-service poses greater cybersecurity threats.

This $3,000 Android Trojan Targeting Banks and Cryptocurrency Exchanges

December 5, 2024 at 11:15AM A new Android remote access trojan (RAT) called DroidBot targets 77 banking institutions and organizations. Disguised as security apps, it utilizes keylogging and UI monitoring. Active since June 2024, it operates on a Malware-as-a-Service model, with affiliates customizing the malware for attacks predominantly across Europe.

‘DroidBot’ Android Trojan Targets Banking, Cryptocurrency Applications

December 5, 2024 at 08:29AM A new Android remote access trojan (RAT) named DroidBot targets 77 banks and exchanges, primarily in Europe, with plans to expand to Latin America. It features advanced capabilities like keylogging and overlay attacks, distributed via fake security apps. Offered as malware-as-a-service, affiliates can manage infected devices for various malicious actions.

New DroidBot Android banking malware spreads across Europe

December 4, 2024 at 01:33PM A new Android banking malware, ‘DroidBot,’ targets over 77 cryptocurrency and banking apps in Europe. Active since June 2024, it operates as a malware-as-a-service platform, facilitating attacks for affiliates. Key features include keylogging and SMS interception. Users are urged to download apps from Google Play and review permissions carefully.

PyPI Attack: ChatGPT, Claude Impersonators Deliver JarkaStealer via Python Libraries

November 22, 2024 at 01:58AM Researchers found two malicious packages on PyPI, impersonating AI models to deploy the JarkaStealer malware. Uploaded in November 2023, the packages had 1,748 and 1,826 downloads, respectively. They revealed risks of supply chain attacks, emphasizing caution when using open-source components in development. The packages are now unavailable for download.

Russian charged by U.S. for creating RedLine infostealer malware

October 29, 2024 at 09:07AM The U.S. charged Russian national Maxim Rudometov, a key figure in the RedLine malware operation, which stole credentials and financial data. Part of an international crackdown, authorities disrupted the malware platform and arrested two in Belgium. Rudometov faces multiple charges with potential maximum sentences totaling 35 years in prison.

Fake Job Applications Deliver Dangerous More_eggs Malware to HR Professionals

October 2, 2024 at 11:27AM A recent spear-phishing email campaign targeted recruiters using the More_eggs JavaScript backdoor, with actors posing as fake job applicants to infect systems. The malware, attributed to the Golden Chickens group, enables credential theft and has been linked to several e-crime groups. Trend Micro observed a variation of the campaign utilizing …

Cyberattackers Use HR Targets to Lay More_Eggs Backdoor

October 1, 2024 at 01:24PM A threat group targeting multinational financial organizations impersonates job seekers to execute a spear-phishing campaign spreading the “more_eggs” backdoor. Trend Micro researchers linked this campaign to FIN6 and cautioned that the malware’s MaaS nature blurs threat actor lines. Vigilance and robust security measures are needed to combat this evolving threat.

This AI-Powered Cybercrime Service Bundles Phishing Kits with Malicious Android Apps

July 26, 2024 at 09:36AM The GXC Team, a Spanish-speaking cybercrime group, has bundled phishing kits with malicious Android apps, creating a sophisticated phishing-as-a-service platform. They target users of Spanish banks and institutions worldwide, using smishing and social engineering techniques. The threat also involves AI-infused voice calling tools, AI-powered voice cloning, and adversaries-in-the-middle capabilities in …

Cybercriminals Employ PhantomLoader to Distribute SSLoad Malware

June 13, 2024 at 06:48AM Cybersecurity firm Intezer identified a new malware, SSLoad, distributed through a previously undocumented loader called PhantomLoader. SSLoad infiltrates systems through phishing emails and delivers additional malware. It has been observed deploying the legitimate adversary simulation software Cobalt Strike. The malware demonstrates sophisticated capabilities, including reconnaissance and dynamic string decryption. Phishing …