Trojan News, Articles and Updates

MysteryBot Android trojan aims at banking apps

Security researchers have discovered a new type of malware that poses a three-legged threat, combining a banking trojan, keylogger, and mobile ransomware in one package.

Hackers using Excel IQY files to dodge antivirus and download malware

Security researchers have discovered a new spam email campaign using a novel approach to infect victims. Users are tricked into downloading and executing a malicious script via Excel.

RIG EK campaign delivers researcher-phobic backdoor trojan Grobios

The RIG Exploit Kit has been causing trouble again, this time delivering a backdoor trojan called Grobios, which takes great pains to avoid detection and evade virtual and sandbox environments.

Vega Stealer malware targeting marketing, PR and advertising sectors

Researchers have come across a new ransomware variant named Vega Stealer that is taking special aim at those in the marketing, advertising, public relations and retail/manufacturing industries.

Malicious calculator app adds up Bitvote coins in cryptomining scheme

Attackers recently distributed a trojanised calculator app that downloads a cryptominer targeting Bitvote (BTV), a forked version of Bitcoin that launched just last January.

URL file attacks spread Quant Loader trojan

A recent spate of attacks using phishing, social engineering, exploits, and obfuscation is spreading a Quant Loader trojan capable of distributing ransomware and password stealers.

Fake updates push Chtonic, NetSupport RAT via Joomla and WordPress sites

Malwarebytes has examined a relatively new fake update scam that uses a combination of legitimate websites, a real cloud storage site and social engineering to pass along either a banking Trojan or a remote access tool to its victims.

Flaw in 'Sloppy' LockCrypt ransomware enables some victims to escape

Malwarebytes researchers discovered a weakness in the LockCrypt ransomware which enabled them to recover victims' files.

Dofoil trojan spotted and stopped after 400,000 instances recorded

Microsoft says it has discovered and stopped a large attack that attempted to use variants of the Dofoil, or Smoke Loader, trojan to spread a cryptocurrency miner.

Hidden Cobra malware infects Androids, turns Windows machines into proxies

The DHS and FBI on Tuesday jointly released two new reports analysing trojan malware attributed to Hidden Cobra, aka Lazarus Group -- a threat actor widely believed to be sponsored by the North Korean government.

Coinhive being spread by hackers hacking back other hackers

Cryptocurrency miners are posting extremely detailed and legitimate-looking hacking apps that are in fact trojans designed to spread the Coinhive cryptocurrency miner.

Researchers trace BitPaymer ransomware back to Dridex developers

A relatively new ransomware that infected Scottish hospitals last summer appears to have been created by the same developers who are responsible for the dreaded Dridex banking trojan.

North Korea-linked trojan switches targets from banks to cryptocurrency enthusiasts

Originally used by reputed North Korean hackers to attack the global banking sector, the Ratankba downloader trojan has been repurposed into a PowerShell-based variant that appears to be targeting small, non-financial organisations.

Android banking trojan targets more than 232 apps

Security researchers have found a new strain of malware targeting banking apps on Android devices.

Zeus Panda targeting holiday shoppers

With just a few more shopping days available before Christmas, cyber-criminals are taking advantage of online shoppers' frenzied buying habits by injecting the Zeus Panda banking trojan into a wide range of retail and travel sites.

Fake Gunbot Bitcoin tool spreads Orcus RAT via spam

A remote access trojan is targeting Bitcoin investors using spam emails claiming to advertise a new Bitcoin trading bot called Gunbot but instead spreads an Orcus RAT malware that looks to steal Bitcoin and more.

UBoatRAT targets firms in East Asia

A new remote access Trojan (RAT) has been discovered aiming at people and organisations based in South Korea. South Korea and video games companies are affected.

Terdot banking trojan targets social media, email & financial services

Saying that Terdot malware is a banking trojan is kind of like saying your computer is a giant calculator. Yes, that's essentially what it is, but it's also a whole lot more.

New IcedID banking trojan already rivals worst of its malware peers

A banking trojan that's been targeting US financial institutions and services since at least September is already as advanced in its capabilities as its predecessors Zeus, Gozi, and Dridex, researchers from IBM have reported.

Marcher banking trojan campaign attacks Austrians' finances three different ways

An attack campaign targeting Android users in Austria has been employing a novel trio of techniques to steal their funds: a credentials phishing web page, malicious banking app overlays, and credit card phishing screens.

Banking Trojan gang poisons Google results to spread malware: more comment

Cunning SEO trickery and a new variant of Zeus Panda target international banking customers

Corebot banking trojan returns - after modifying indicators of compromise

A new variant of the banking Trojan CoreBot, which was mainly active in the summer of 2015, has been spotted by security researchers; the new variant spreads via malicious Office documents.

Russian hackers silently threaten global financial organisations

A new bankrobber Trojan has been identified by researchers at Kaspersky Lab, quietly stealing money direct from the banks themselves rather than targeting customers.

Cryptoshuffler trojan diverting bitcoin payments to criminal's pockets

Cryptocurrency mining may be all the rage right now, but some malicious actors are finding it easier to use a specialised trojan that simply steals the money right out of a digital wallet.

Ursnif banking malware surges in Japan, banks and payment card Cos hit

Malspam campaigns designed to spread the Ursnif banking trojan have been heavily targeting Japanese banks and payment card providers in 2017, especially since September, according to IBM's X-Force research team.

Swiss phishing scam aims to download Retefe banking trojan

Researchers with PhishMe have released the details of a phishing campaign, currently being run in Switzerland, that uses a tax dodge to entice its victims to open an attached file, which will then download the Retefe banking trojan.

LokiBot Android Banking Trojan turns into ransomware in last ditch effort

An Android banking trojan dubbed LokiBot turns into ransomware when users try to remove its admin privileges, in a last-ditch effort to extort the user.

Elmedia unknowingly distributed OSX/Proton malware

A trojanised version of Eltima's Elmedia Player software was seen being distributed via the company's own official site in the late hours of 20 October 2017.

Phishing campaigns used victim's location to determine whether to deliver Locky or Trickbot

Researchers at PhishMe recently detected two email-based phishing campaigns that infected users with either Locky ransomware or the Trickbot banking trojan based on the victim's geographical location.

Brazilian banking trojan uses legit VMware binary to bypass security

Cyber-criminals are using a legitimate VMware binary to spread banking trojans in a new phishing campaign targeting the Brazilian financial sector.