Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide

May 19, 2024 at 04:18AM The Grandoreiro banking trojan, previously targeted at Latin America, has reemerged in a global campaign, expanding its reach to over 1,500 banks across 60+ countries. The large-scale phishing attacks use sophisticated malware that employs tactics to avoid detection and compromise victims’ systems, including the abuse of Microsoft Outlook to spread …

Android malware Grandoreiro returns after police disruption

May 18, 2024 at 01:14PM The Android banking trojan “Grandoreiro” is spreading in a large-scale phishing campaign across 60+ countries, targeting accounts of about 1,500 banks. Despite law enforcement efforts in January 2024, it has reemerged with new features and is now targeting English-speaking countries, employing diverse phishing lures and expanded capabilities, indicating a resilient …

Syrian Threat Group Peddles Destructive SilverRAT

January 5, 2024 at 02:23PM The SilverRAT Trojan, with ties to Turkey and Syria, is set to release an updated version allowing for control over Windows systems and Android devices. The sophisticated tool includes features for keylogging, ransomware attacks, anti-antivirus bypasses, and more. The group, Anonymous Arabic, also offers DDoS attacks and operates in various …

Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset

January 3, 2024 at 08:36AM Malware is using an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions, allowing continuous access to Google services even after a password reset. Threat actor PRISMA first revealed the technique, which has been incorporated into various malware-as-a-service (MaaS) stealer families. Google acknowledges the attack and advises users to log …

BazaCall Phishing Scammers Now Leveraging Google Forms for Deception

December 13, 2023 at 10:42AM Cybersecurity firm Abnormal Security reported that threat actors behind the BazaCall phishing attacks are now using Google Forms to enhance the credibility of their scheme, demonstrating a new attack variant. This method aims to bypass secure email gateways by leveraging trusted domains and dynamically generated URLs. Additionally, recruiters are being …

Malware Uses Trigonometry to Track Mouse Strokes

November 20, 2023 at 05:06PM The latest version of the LummaC2 malware-as-a-service has a new anti-sandbox feature. Version 4.0 uses trigonometry to track mouse movements and detect when a human user is active on a compromised computer. This allows the malware to avoid detection in sandboxes and gain access to the network. While the use …

Actions to Take to Defeat Initial Access Brokers

November 17, 2023 at 12:08PM Access-as-a-service (AaaS) is a new cybercrime business model that involves selling methods for accessing networks. Criminals known as access brokers steal enterprise user credentials and sell them to other attackers. The buyers then use ransomware or malware services to steal confidential data. Countermeasures to mitigate these threats include monitoring the …

DarkGate Malware Spreading via Messaging Services Posing as PDF Files

October 13, 2023 at 07:06AM DarkGate, a piece of malware, is being spread through instant messaging platforms like Skype and Microsoft Teams. The malware is delivered disguised as a PDF document and triggers the download and execution of an AutoIt script that launches the malware. The malware can harvest sensitive data, conduct cryptocurrency mining, and …