Month: April 2024
VBKlip has evolved significantly from searching for IBAN data in copy-paste functionality to MITB techniques. Source link lol
Read MoreSlave is financial malware written in Visual Basic. Since 2015 it has evolved from relatively simple IBAN swapping of destination bank account numbers to stealthy browser infection, function hooking, and unique webinjects. Slave conducts its attack by hooking the Internet browser functions and manipulating their code for various fraudulent activities. This manipulation can be…
Read MoreRenewed Dyre Commands Dyre uses a windows pipe for inter-process communication, passing commands from the main module it injects into the “windows explorer’ process to other processes. The commands are passed both to browsers launched by the user and stealthy worker-processes launched by the malware itself. In the new sample, most of the commands discussed…
Read MoreWebinject attacks modify webpages to allow fraudsters to collect credentials, or act more directly against user accounts. The newsidron.com script injection serves as a good example of how these attacks are conducted, detected, and ultimately stopped. A Trojan is a piece of malware that appears to the user to perform a desirable function, but…
Read More
A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks. Cybersecurity firm Avast said the activity is the work of a threat actor with possible connections to a North Korean hacking group…
Read MoreStandard mobile banking trojans post their own fraudulent content over banking applications. The Yasuo-Bot malware takes it a step further by dynamically pulling fraudulent content from the C&C server. Since 2010, mobile malware is on the rise. The first mobile Trojan launched was Zitmo (Zeus in the mobile), a mobile version of the most…
Read MoreFake Pages An attack vector that strongly identified the Dyre malware is massively used now by Dridex authors. To accomplish that, the latest uses the same old “redirection” technique. The malware part that resides inside the browser implementation (“Man-in-the-Browser”) is able to intercept the browser’s requests sent to any domain and redirect them to the…
Read MoreOngoing campaign analysis has revealed that Dridex malware's latest focus has strongly shifted in recent months to US banks. Source link lol
Read MoreMore Complexity to Come The profession of webinject crafting is being reflected in Trojan campaigns against banks. We can only guess whether the resemblance between the webinjects is a result of a cooperation or of both fraudsters buying webinjects from the same third party. Either way, a great deal of fraud business logic is now…
Read MoreIf an attacker wants to launch a powerful Low and Slow DDoS attack, surprisingly, he or she will find only a single tool in this bundle. That is the well-known Slowloris.pl Perl tool, which is not authored by Anonymous at all. R.U.D.Y and other slow POST tools are noticeably missing from this bundle. Another group…
Read More