Tag: Man-in-the-middle
Tinba, also known as “Tinybanker”, “Zusy” and “HµNT€R$”, is a banking Trojan that was first seen in the wild around May 2012. Its source code was leaked in July 2014. Cybercriminals customized the leaked code and created an even more sophisticated piece of malware that is being used to attack a large number of popular…
Read MoreDyre is one of the most sophisticated banking and commercial malware agents in the wild. This trojan uses fake login pages, server-side webinjects, and modular architecture to adapt to the victim. This in-depth report looks at the entire fraud flow and its capabilities. Dyre is a relatively new banking Trojan, first seen in the…
Read MoreSlave is financial malware written in Visual Basic. Since 2015 it has evolved from relatively simple IBAN swapping of destination bank account numbers to stealthy browser infection, function hooking, and unique webinjects. Slave conducts its attack by hooking the Internet browser functions and manipulating their code for various fraudulent activities. This manipulation can be…
Read MoreRenewed Dyre Commands Dyre uses a windows pipe for inter-process communication, passing commands from the main module it injects into the “windows explorer’ process to other processes. The commands are passed both to browsers launched by the user and stealthy worker-processes launched by the malware itself. In the new sample, most of the commands discussed…
Read MoreStandard mobile banking trojans post their own fraudulent content over banking applications. The Yasuo-Bot malware takes it a step further by dynamically pulling fraudulent content from the C&C server. Since 2010, mobile malware is on the rise. The first mobile Trojan launched was Zitmo (Zeus in the mobile), a mobile version of the most…
Read MoreFake Pages An attack vector that strongly identified the Dyre malware is massively used now by Dridex authors. To accomplish that, the latest uses the same old “redirection” technique. The malware part that resides inside the browser implementation (“Man-in-the-Browser”) is able to intercept the browser’s requests sent to any domain and redirect them to the…
Read MoreOngoing campaign analysis has revealed that Dridex malware's latest focus has strongly shifted in recent months to US banks. Source link lol
Read MoreMore Complexity to Come The profession of webinject crafting is being reflected in Trojan campaigns against banks. We can only guess whether the resemblance between the webinjects is a result of a cooperation or of both fraudsters buying webinjects from the same third party. Either way, a great deal of fraud business logic is now…
Read MoreExecutive Summary Like coral reefs teeming with a variety of life, web applications are “colony creatures.” They consist of a multitude of independent components, running in separate environments with different operational requirements and supporting infrastructure (both in the cloud and on premises) glued together across networks. In this report, we examine that series of interacting…
Read MoreIn July 2018, F5 released its first annual Application Protection Report based on the results of an F5-commissioned Ponemon survey of 3,135 IT and security practitioners across the globe. Additional research conducted by Whatcom Community College, University of Washington Tacoma, along with data from White Hat Security and Loryka served to make this one of…
Read More