Trojan News, Articles and Updates

Fake Gunbot Bitcoin tool spreads Orcus RAT via spam

A remote access trojan is targeting Bitcoin investors via spam emails that claim to advertise a new Bitcoin trading bot called Gunbot but instead spread Orcus RAT malware that looks to steal Bitcoin and more.

UBoatRAT targets firms in East Asia

A new remote access Trojan (RAT) has been discovered aiming at people and organisations based in South Korea. South Korea and video games companies affected.

Terdot banking trojan targets social media, email & financial services

Saying that Terdot malware is a banking trojan is kind of like saying your computer is a giant calculator. Yes, that's essentially what it is, but it's also a whole lot more.

New IcedID banking trojan already rivals worst of its malware peers

A banking trojan that's been targeting US financial institutions and services since at least September is already as advanced in its capabilities as its predecessors Zeus, Gozi, and Dridex, researchers from IBM have reported.

Marcher banking trojan campaign attacks Austrians' finances three different ways

An attack campaign targeting Android users in Austria has been employing a novel trio of techniques to steal their funds: a credentials phishing web page, malicious banking app overlays, and credit card phishing screens.

Banking Trojan gang poisons Google results to spread malware: more comment

Cunning SEO trickery and new variant of Zeus Panda targets international banking customers

Corebot banking trojan returns - after modifying indicators of compromise

A new variant of the banking Trojan, CoreBot, which was mainly active in the summer of 2015, has been spotted by security researchers with the new variant spreading via malicious Office documents.

Russian hackers silently threaten global financial organisations

A new bankrobber Trojan has been identified by researchers at Kaspersky Lab, quietly stealing money direct from the banks themselves rather than targeting customers.

Cryptoshuffler trojan diverting bitcoin payments to criminal's pockets

Cryptocurrency mining may be all the rage right now, but some malicious actors are finding it easier to use a specialised trojan that simply steals the money right out of a digital wallet.

Ursnif banking malware surges in Japan, banks and payment card Cos hit

Malspam campaigns designed to spread the Ursnif banking trojan have been heavily targeting Japanese banks and payment card providers in 2017, especially since September, according to IBM's X-Force research team.

Swiss phishing scam aims to download Retefe banking trojan

Researchers with PhishMe have released the details of a phishing campaign, currently being run in Switzerland, that uses a tax dodge to entice its victims to open an attached file, which will then download the Retefe banking trojan.

LokiBot Android Banking Trojan turns into ransomware in last ditch effort

An Android banking trojan dubbed LokiBot turns into ransomware when users try to remove its admin privileges, in a last ditch effort to extort the user.

Elmedia unknowingly distributed OSX/Proton malware

A trojanised version of Eltima's Elmedia Player software was seen being distributed via the company's own official site in the late hours of 20 October 2017.

Phishing campaigns used victim's location to determine whether to deliver Locky or Trickbot

Researchers at PhishMe recently detected two email-based phishing campaigns that infected users with either Locky ransomware or the Trickbot banking trojan based on the victim's geographical location.

Brazilian banking trojan uses legit VMware binary to bypass security

Cyber-criminals are using a legitimate VMware binary to spread banking trojans in a new phishing campaign targeting the Brazilian financial sector.

EternalBlue exploit used in Swiss campaigns by Retefe malware

Trojan uses NSA EternalBlue exploit to hijack computers for new ransomware campaign targeting unpatched systems.

Red Alert banking malware steals credentials

A new strain of banking malware is targeting Android users, security researchers have discovered. Red Alert Trojan targets more than 60 banking and social networking apps.

Trickbot banking Trojan a significant risk to financial institutions

Vitali Kremez reports how the Necurs botnet is delivering a different type of malware that poses a threat specifically to the financial sector: the "Trickbot" banking Trojan.

Dirty double-crossing Rat - Secret backdoor in trojan builder kit

A free remote access trojan builder kit that was recently observed in various cyber-crime forums secretly contains an injected backdoor module that allows the kit's authors to take over the malware later.

Hackers rewrite Jimmy Nukebot malware to change its goals and tasks

Jimmy Nukebot malware trojan becomes more modular to increase flexibility and make static analysis much more complicated - shows ability to adapt to the goals and tasks set before a botnet to take advantage of a new source.

Researcher spots uptick in WAP-billing trojan-clickers

Kaspersky Lab researcher Roman Unuchek spotted an uptick in WAP-billing trojan-clickers from different cybercriminal groups targeting users in Russia and India.

New Windows flaw could allow a WannaCry-like attack if not patched

Network administrators and computer owners are once again being implored to make sure that they have updated Windows to block a WannaCry-like vulnerability.

Svpeng mobile banking trojan now a keylogger

Cybercriminals have updated the functionality of the popular Svpeng mobile banking trojan, giving it keylogger capabilities and the ability to access the text input from almost all of a device's apps.

New variant of Emotet banking trojan spreads internally like worm

Samples of the banking trojan Emotet have begun to surface with the ability to internally propagate, using credential brute-force techniques.

More than 800 Google Play Android apps spotted with Xavier Trojan SDK

Trend Micro researchers spotted more than 800 Android applications available on the Google Play Store embedded with the software development kit (SDK) of the information-stealing ad library dubbed "Xavier."

Symantec finds fake AV being distributed using HSBC phishing emails

Fake HSBC emails are being spread, asking users to install a malicious version of Rapport, a legitimate security program designed to protect online bank accounts from fraud.

TrickBot banking Trojan linked to the team behind Dyre

The threat actors behind the notorious Dyre banking Trojan may be back in action, this time supporting the new TrickBot Trojan.

Dridex wielding duo sent down by NCA

A pair of Moldovan nationals have been given a combined sentence of over a decade for laundering the ill-gotten gains of the Dridex trojan.

Source code of Mirai DDoS Trojan released online

Over the weekend, the source code of the Trojan that used huge numbers of IoT devices to form a botnet and attack the websites of security blogger Brian Krebs and European web hosting company OVH with a DDoS attack was released online.