Trojan News, Articles and Updates

Dofoil trojan spotted and stopped after 400,000 instances recorded

Microsoft says it has discovered and stopped a large attack that attempted to use variants of the Dofoil, or Smoke Loader, trojan to spread a cryptocurrency miner.

Hidden Cobra malware infects Androids, turns Windows machines into proxies

The DHS and FBI on Tuesday jointly released two new reports analysing trojan malware attributed to Hidden Cobra, aka Lazarus Group -- a threat actor widely believed to be sponsored by the North Korean government.

Coinhive being spread by hackers hacking back other hackers

Cryptocurrency miners are posting extremely detailed and legitimate looking hacking apps that are in fact trojans designed to spread the Coinhive cryptocurrency miner.

Researchers trace BitPaymer ransomware back to Dridex developers

A relatively new ransomware that infected Scottish hospitals last summer appears to have been created by the same developers who are responsible for the dreaded Dridex banking trojan.

North Korea-linked trojan switches targets from banks to cryptocurrency enthusiasts

Originally used by reputed North Korean hackers to attack the global banking sector, the Ratankba downloader trojan has been repurposed into a PowerShell-based variant that appears to be targeting small, non-financial organisations.

Android banking trojan targets more than 232 apps

Security researchers have found a new strain of malware targeting banking apps on Android devices.

Zeus Panda targeting holiday shoppers

With just a few more shopping days available before Christmas, cyber-criminals are taking advantage of online shoppers' frenzied buying habits by injecting the Zeus Panda banking trojan into a wide range of retail and travel sites.

Fake Gunbot Bitcoin tool spreads Orcus RAT via spam

A remote access trojan is targeting Bitcoin investors using spam emails claiming to advertise a new Bitcoin trading bot called Gunbot but instead spreads an Orcus RAT malware that looks to steal Bitcoin and more.

UBoatRAT targets firms in East Asia

A new remote access Trojan (RAT) has been discovered targeting people and organisations based in South Korea. South Korea and video games companies are affected.

Terdot banking trojan targets social media, email & financial services

Saying that Terdot malware is a banking trojan is kind of like saying your computer is a giant calculator. Yes, that's essentially what it is, but it's also a whole lot more.

New IcedID banking trojan already rivals worst of its malware peers

A banking trojan that's been targeting US financial institutions and services since at least September is already as advanced in its capabilities as its predecessors Zeus, Gozi, and Dridex, researchers from IBM have reported.

Marcher banking trojan campaign attacks Austrians' finances three different ways

An attack campaign targeting Android users in Austria has been employing a novel trio of techniques to steal their funds: a credentials phishing web page, malicious banking app overlays, and credit card phishing screens.

Banking Trojan gang poisons Google results to spread malware: more comment

Cunning SEO trickery and a new variant of Zeus Panda target international banking customers.

Corebot banking trojan returns - after modifying indicators of compromise

A new variant of the banking Trojan, CoreBot, which was mainly active in the summer of 2015, has been spotted by security researchers with the new variant spreading via malicious Office documents.

Russian hackers silently threaten global financial organisations

A new bankrobber Trojan has been identified by researchers at Kaspersky Lab, quietly stealing money direct from the banks themselves rather than targeting customers.

Cryptoshuffler trojan diverting bitcoin payments to criminal's pockets

Cryptocurrency mining may be all the rage right now, but some malicious actors are finding it easier to use a specialised trojan that simply steals the money right out of a digital wallet.

Ursnif banking malware surges in Japan, banks and payment card Cos hit

Malspam campaigns designed to spread the Ursnif banking trojan have been heavily targeting Japanese banks and payment card providers in 2017, especially since September, according to IBM's X-Force research team.

Swiss phishing scam aims to download Retefe banking trojan

Researchers with PhishMe have released the details of a phishing campaign, currently being run in Switzerland, that uses a tax dodge to entice its victims to open an attached file, which will then download the Retefe banking trojan.

LokiBot Android Banking Trojan turns into ransomware in last ditch effort

An Android banking trojan dubbed LokiBot turns into a ransomware when users try to remove its admin privileges in a last ditch effort to extort the user.

Elmedia unknowingly distributed OSX/Proton malware

A trojanised version of Eltima's Elmedia Player software was seen being distributed via the company's own official site in the late hours of 20 October 2017.

Phishing campaigns used victim's location to determine whether to deliver Locky or Trickbot

Researchers at PhishMe recently detected two email-based phishing campaigns that infected users with either Locky ransomware or the Trickbot banking trojan based on the victim's geographical location.

Brazilian banking trojan uses legit VMware binary to bypass security

Cyber-criminals are using a legitimate VMware binary to spread banking trojans in a new phishing campaign targeting the Brazilian financial sector.

EternalBlue exploit used in Swiss campaigns by Retefe malware

Trojan uses NSA EternalBlue exploit to hijack computers for new ransomware campaign targeting unpatched systems.

Red Alert banking malware steals credentials

A new strain of banking malware is targeting Android users, security researchers have discovered. Red Alert Trojan targets more than 60 banking and social networking apps.

Trickbot banking Trojan a significant risk to financial institutions

Vitali Kremez reports how the Necurs botnet is delivering a different type of malware that poses a threat specifically to the financial sector: the "Trickbot" banking Trojan.

Dirty double-crossing Rat - Secret backdoor in trojan builder kit

A free remote access trojan builder kit that was recently observed in various cyber-crime forums secretly contains an injected backdoor module that allows the kit's authors to take over the malware later.

Hackers rewrite Jimmy Nukebot malware to change its goals and tasks

Jimmy Nukebot malware trojan becomes more modular to increase flexibility and make static analysis much more complicated - shows ability to adapt to the goals and tasks set before a botnet to take advantage of a new source.

Researcher spots uptick in WAP-billing trojan-clickers

Kaspersky Lab researcher Roman Unuchek spotted an uptick in WAP-billing trojan-clickers from different cybercriminal groups targeting users in Russia and India.

New Windows flaw could allow a WannaCry-like attack if not patched

Network administrators and computer owners are once again being implored to make sure that they have updated Windows to block a WannaCry-like vulnerability.