Author: nlqip

  Slave is financial malware written in Visual Basic. Since 2015 it has evolved from relatively simple IBAN swapping of destination bank account numbers to stealthy browser infection, function hooking, and unique webinjects. Slave conducts its attack by hooking the Internet browser functions and manipulating their code for various fraudulent activities. This manipulation can be…

Read More

Renewed Dyre Commands Dyre uses a windows pipe for inter-process communication, passing commands from the main module it injects into the “windows explorer’ process to other processes. The commands are passed both to browsers launched by the user and stealthy worker-processes launched by the malware itself. In the new sample, most of the commands discussed…

Read More

A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks. Cybersecurity firm Avast said the activity is the work of a threat actor with possible connections to a North Korean hacking group…

Read More

  Standard mobile banking trojans post their own fraudulent content over banking applications. The Yasuo-Bot malware takes it a step further by dynamically pulling fraudulent content from the C&C server. Since 2010, mobile malware is on the rise. The first mobile Trojan launched was Zitmo (Zeus in the mobile), a mobile version of the most…

Read More

Fake Pages An attack vector that strongly identified the Dyre malware is massively used now by Dridex authors. To accomplish that, the latest uses the same old “redirection” technique. The malware part that resides inside the browser implementation (“Man-in-the-Browser”) is able to intercept the browser’s requests sent to any domain and redirect them to the…

Read More

Ongoing campaign analysis has revealed that Dridex malware's latest focus has strongly shifted in recent months to US banks. Source link lol

Read More

More Complexity to Come The profession of webinject crafting is being reflected in Trojan campaigns against banks. We can only guess whether the resemblance between the webinjects is a result of a cooperation or of both fraudsters buying webinjects from the same third party. Either way, a great deal of fraud business logic is now…

Read More

If an attacker wants to launch a powerful Low and Slow DDoS attack, surprisingly, he or she will find only a single tool in this bundle. That is the well-known Slowloris.pl Perl tool, which is not authored by Anonymous at all. R.U.D.Y and other slow POST tools are noticeably missing from this bundle. Another group…

Read More

Distributed Denial of Service (DDoS) is a common attack method used by hacker groups and individuals to severely hamper or shut down an organization’s online services, causing both monetary and reputation losses. While DDoS attacks have been common since the late 2000s, attack sizes have increased significantly in the past few years. Our new normal…

Read More