Articles about Trojan

Not your father's spam: Trojan slingers attach badness to attachment WITHIN attachment

Cybercrooks are upping the ante by loading malware as an attachment inside another attachment in a bid to slip past security defences. A new variant of the Upatre Trojan comes bundled in spammed messages that imitate emails from known banks such as Lloyds Bank and Wells Fargo. The .MSG file of the malicious emails contains …
John Leyden, 08 Apr 2014

China targeted by new Android Trojan

Russian security researchers are warning about an Android Trojan called Oldboot that has infected 350,000 devices worldwide. According to this post at Dr Web, Oldboot has a characteristic that makes it hard to deal with: some of the Trojan's components are loaded into the boot partition of the Android file system. By acting as a …

You have a Skype voicemail. PSYCHE! It's just some fiendish Trojan-flinging spam

A spam run of fake Skype voicemail alert emails actually comes packed with malware, a UK police agency warns. Action Fraud said the zip file attachments come contaminated with a variant of the notorious ZeuS banking Trojan. Messages typically come with the subject line “You received a new message from Skype voicemail service”. …
John Leyden, 28 Nov 2013

Scam emails tell people they have cancer to trick them into installing a money-stealing Trojan

Sick fraudsters have put out a batch of malware-riddled hoax emails warning recipients that they may have cancer. The scam emails purport to come from the UK National Institute for Health and Care Excellence (Nice). The emails - which arrive with the header "important blood analysis result" - ask prospective victims to download …
John Leyden, 14 Mar 2014

Pr0n-optimised Icepol Trojan's servers seized by Romanian cops

Romanian police have seized servers associated with the Icepol ransomware scam, effectively taking down the pervasive threat for now. The Icepol Trojan extorted victims who downloaded it by sending prospective marks a fake message from local police accusing them of downloading copyrighted material or illegal pornography. The …
John Leyden, 03 Feb 2014

Like WhatsApp? Meet 'desktop' version... and his BANK ACCOUNT RAIDING Trojan pal

Scammers have slung together a scam designed to trick users into running malware disguised as a "desktop version" of the ultra-popular WhatsApp mobile messaging app. Links promoted through a run of spam emails that began appearing last week actually lead to a banking Trojan rather than a PC version of the mobile-only app, Trend …
John Leyden, 26 Feb 2014

Shuttleworth: Firmware is the universal Trojan

Canonical boss Mark Shuttleworth has called on the world to abandon proprietary firmware code, calling all such code “a threat vector”. In this blog post, Shuttleworth makes the case that manufacturers are simply too incompetent, and attackers (including government security agencies) too competent, for security-by-obscurity in …
The Register breaking news

New online banking Trojan empties users' wallets, videos privates

Bank account-raiding Trojan Hesperbot has infected computers in UK, Turkey, the Czech Republic and Portugal, The Register has learned. Net security firm Eset said the software nasty is distributed via rather convincing-looking emails, which are dressed up as legit package tracking documents from postal companies or …
John Leyden, 05 Sep 2013

Trojan-laden FileZilla clone slurps data, sends it to the UNKNOWN

Cybercrooks have put together a malicious version of popular FTP app FileZilla which works just like the real thing but surreptitiously passes login information to a hacker-controlled server. The evil twin version has the same look and feel as the genuine programme and is clearly designed to mask its suspicious activities, such …
John Leyden, 29 Jan 2014

'Kissing couple' Trojan sent to slurp fanbois' data... Syrian Electronic Army fingered

A “low risk” Mac Trojan seemingly linked to the Syrian Electronic Army has surfaced on the web. The Mac-specific Trojan comes disguised as a picture of a kissing couple. If opened, it creates a back door on compromised Apple computers. "This appears to be a targeted attack, though the method of delivery is not yet known," a …
John Leyden, 19 Sep 2013

ZeuS KICKS that SaaS: Trojan raids Salesforce.com accounts

Miscreants have forged a variant of the infamous ZeuS banking Trojan that targets enterprise data held by clients of CRM giant Salesforce.com. The ZeuS variant does not exploit a vulnerability in the Salesforce.com platform itself but rather penetrates the insecure devices of corporate workers accessing Salesforce.com. The …
John Leyden, 26 Feb 2014

UK bloke collared at home by bank-raid Trojan probe cops

A 36-year-old from South Croydon, London, has been arrested by cops investigating allegations of fraud involving the bank-account-raiding Tilon Trojan. The as-yet-unnamed man is suspected of conspiring to defraud and breaking drug laws. He was collared by officers from the Police Central eCrime Unit (PCeU) and the Serious …
John Leyden, 21 Mar 2013

Darknet: It's not just for DRUGS. Ninja Banking Trojan uses it too

Russian-speaking virus writers have brewed up a stealthy strain of banking Trojan that communicates over peer-to-peer networks using an encrypted darknet protocol that's arguably even stealthier than TOR: I2P. The i2Ninja malware offers a similar set of capabilities to other major financial malware such as ZeuS and SpyEye – …
John Leyden, 21 Nov 2013

Sneaky new Android Trojan is WORST yet discovered

Security researchers at Kaspersky Lab report that a recently discovered Android Trojan is the most sophisticated such mobile malware yet to be identified. In a post to Kaspersky Lab's Securelist blog, security expert Roman Unuchek describes the malicious program, dubbed Backdoor.AndroidOS.Obad.a or "Obad" for short, as being …
Neil McAllister, 07 Jun 2013

NBC.com HACKED to spread bank account-raiding Trojan

The website of US TV network NBC was hacked to deliver Java and PDF exploits. The attack against NBC.com - which hosts entertainment and TV content - used a cybercrime toolkit called Redkit that was ultimately aimed at delivering Citadel, a banking Trojan. NBC acted promptly to clean up its promotional site, admitting the …
John Leyden, 22 Feb 2013

New slicker Shylock Trojan hooks into Skype

The Shylock banking Trojan has been revamped with extra features that allow the malware to spread using the chat function of Skype, the popular Voice over IP application. Shylock can now roam the Skype network thanks to a new propagating plugin called "msg.gsm". This component also adds functionality including the ability to …
John Leyden, 17 Jan 2013

'Hand of Thief' banking Trojan reaches for Linux – for only $2K

Cybercrooks have created a banking Trojan that targets Linux users, which is being touted for sale on underground cybercrime forums for just $2,000 a pop. The "Hand of Thief" malware is a rare example of malicious code written especially to target the open-source operating system. The digital nasty includes form-grabbers for HTTP …
John Leyden, 08 Aug 2013

Parallels pledges roll-back fix after silent 'trojan' freebie install triggers punter outrage

Parallels has promised to change the registration process of its virtualisation software for Macs after users complained that the technology introduced a "trojan-like" update functionality, intended to push a six month freebie trial of its new Access product. The release of Parallels Desktop 9 for Mac, the latest version of the …
John Leyden, 11 Sep 2013

REVEALED: Cyberthug tool that BREAKS HSBC's anti-Trojan tech

Cybercrooks on an underground forum have developed a technique to bypass anti-Trojan technology from Trusteer used by financial institutions worldwide – including HSBC and Paypal – to protect depositors from cybersnoopers. Trusteer has downplayed the vulnerability and said it's in the process of rolling out beefed-up protection …
John Leyden, 06 Aug 2013

The TRUTH about mystery Trojan found in SPAAACE

The mystery malware inadvertently brought into space by scientists which then infected the International Space Station has been identified as a gaming Trojan. The historical infection actually happened five years ago in 2008 but was propelled back into the news again last week as the result of a recent speech by Eugene Kaspersky …
John Leyden, 13 Nov 2013

Anti-PRISM Trojan explodes over Jay-Z fans

Fans of rapper Jay-Z who thought they'd grabbed hold of an app granting them access to an early release of his new album Magna Carta Holy Grail have found themselves on the receiving end of an anti-PRISM Android Trojan designed to slurp all their data, according to security researchers. It is not yet clear if the data-stealing …
John Leyden, 05 Jul 2013

New trend: Trojan which steals your pics instead of your text

Miscreants have developed a strain of malware that steals image files from compromised systems. The Pixsteal-A Trojan dispenses with the conventional tactic of only stealing text files, instead concentrating on uploading .jpg, .jpeg, and .dmp (memory dump) files from infected machines onto a remote FTP server. The switch in …
John Leyden, 06 Nov 2012

French cops cuff man over €500K Android Trojan scam

French police have arrested a 20-year-old man who allegedly earned €500,000 (£405,00, $650,000) through an Android malware scam. The unnamed perp from the Amiens region allegedly tricked 17,000 victims into installing a Trojan that posed as a legitimate application on their Android smartphones. In reality, the malicious …
John Leyden, 19 Oct 2012

Google Go language gets used: For file-scrambling trojan, though

Virus writers are experimenting with Google's Go as a programming language for malware. The Encriyoko Trojan uses components written in Go, which is a compiled language developed by the search giant and unveiled in 2009. Once installed on a Microsoft Windows PC, the Trojan attempts to use the Blowfish algorithm to encrypt all …
John Leyden, 24 Sep 2012

Japanese govt sucked dry for TWO YEARS by Trojan

The Japanese government has uncovered an advanced Trojan attack which may have lain undiscovered on its networks leaking confidential data for over two years. The Finance Ministry told the local Kyodo news service that the first infection came in January 2010, with the most recent taking place in November 2011, after which the …
Phil Muncaster, 25 Jul 2012

'FIRST ever' Linux, Mac OS X-only password sniffing Trojan spotted

Security researchers have discovered a potentially dangerous Linux and Mac OS X cross-platform trojan. Once installed on a compromised machine, Wirenet-1 opens a backdoor to a remote command server, and logs key presses to capture passwords and sensitive information typed by victims. The program also grabs passwords submitted to …
John Leyden, 29 Aug 2012

Syrian rebels targeted using commercial Skype trojan

Syrian activists are coming under attack from a new Trojan, based on a commercial spyware application. Targeted attacks surreptitiously install the BlackShades Trojan onto compromised machines, an advisory by the EFF and Citizen Lab warns. The Trojan is being distributed via compromised Skype accounts of Syrian activists in …
John Leyden, 20 Jun 2012

Small banking Trojan poses major risk

Security researchers have discovered a tiny, but highly capable banking Trojan. Tinba (Tiny Banker, or otherwise known as Zusy) hooks itself into browsers before stealing banking login information and snaffling network traffic. The malware used injected code and Man in The Browser (MiTB) tricks to change the way banking …
John Leyden, 04 Jun 2012

'Gozi Trojan trio' blamed for multimillion-dollar bank raid spree

US prosecutors have accused three people of using a bank-account raiding Trojan to infect at least one million computers and steal millions of dollars. Russian national Nikita Kuzmin, 25, Latvian resident Deniss Calovskis, 27, and Mihai Ionut Paunescu, a 28-year-old Romanian, were behind the scam, according to charges filed …
John Leyden, 24 Jan 2013

Bank-raid Trojan jury-rigged to pwn 'major airport's network'

A Trojan has targeted airport workers logging into their employer's private network, security researchers have claimed. Crooks are believed to have modified the bank account-raiding Citadel Trojan, which is also used in ransomware scams, and deployed it at a "major international airport hub" to access internal applications and …
John Leyden, 15 Aug 2012

Yet another OSX/Java Trojan spotted in the wild

Hard on the heels of the Flashback Trojan, Kaspersky Labs is warning of a new OSX threat, which it’s dubbed Backdoor.OSX.SabPub.a. In a post to Securelist, Kaspersky’s Costin Raiu says the Trojan connects to a command and control server hosted on a Californian-based VPS associated with the Onedumb.com free DNS. Apparently a …

Apple scrubs old Leopards of Flashback Trojan infections

Apple has released patches that defend users of its older Mac OS X 10.5 Leopard operating system against security threats. Monday's security fixes help defend Mac users stuck on the two-year-old operating system against assaults by the infamous Flashback Trojan. Users of the newer Snow Leopard (10.6) and Lion (10.7) operating …
John Leyden, 15 May 2012

Crooks, think your Trojan looks legit? This one has a DIGITAL CERTIFICATE

Security researchers have discovered a banking Trojan that comes with its own built-in digital certificate. The Brazilian banking password-sniffer was signed with a valid digital certificate issued by DigiCert, MalwareBytes reports. DigiCert responded promptly to inquiries by El Reg to confirm it had pulled the offending …
John Leyden, 05 Feb 2013

Got a mobile phone? Then you've got a Trojan problem too

Something wonderful has happened: phones have got smart, but the bad news is they may open the door to those you don’t want to let in. Time was when getting software to run properly on your mobile phone was such a challenge that it was nigh on impossible for bad guys to write malware that worked. Most phones used proprietary …
Simon Rockman, 18 Oct 2013

Phone-raiding Trojan slips past Apple’s App Store censors

A mobile Trojan that secretly sends the phone's whereabouts and its address book to spammers has slipped into Apple's App Store and Google's Play marketplace. Called Find And Call, the malware includes a "find your friends" feature that uploads a user's phonebook contents to servers under the control of the application's …
John Leyden, 06 Jul 2012

Fake cop Trojan 'detects offensive materials' on PCs, demands money

Security firms are warning about a rash of police-themed ransomware attacks. The Reveton Trojan warns victims that illegal content has supposedly been detected on infected machines, displaying a message supposedly from local police agencies demanding payment to unlock machines. To unlock an infected machine, marks are invited …
John Leyden, 05 Apr 2012

Tsunami Trojan: First Mac attack based on Linux crack

Malware writers have derived a new Trojan for Mac OS X by porting an older Linux backdoor Trojan horse onto another platform. The newly discovered Tsunami Trojan is derived from an earlier Linux-infecting backdoor Trojan, called Kaiten, which phoned home from infected machines to an IRC channel for further instructions. Security …
John Leyden, 26 Oct 2011

Dr. Web disputes Flashback Mac Trojan bot army estimates

Efforts by Apple and anti-virus vendors to kill the vast botnet assembled by the notorious Flashback Mac Trojan may be much less successful than previously thought. Symantec last week suggested the Mac botnet shrank from a peak of 670,000 to 140,000 following the release of clean-up tools. But the Russian anti-virus firm Dr. Web …
John Leyden, 25 Apr 2012

Russian K-force operatives cuff suspected Carberp trojan bank raider

Russian police have arrested a 22-year-old man suspected of running a bank fraud network that infected six million machines, raking in an estimated 150 million roubles ($4.5m or £2.9m) in ill-gotten gains in the process. The unnamed suspect, who is alleged to be the hacker known by the online nicknames "Hermes" and "Arashi", is …
John Leyden, 26 Jun 2012

Android Trojan taints US mobes, spews 500,000 texts A DAY

A Trojan that infects Android devices is behind an increase in text message spam in the US. SpamSoldier infects smartphones and spews out thousands of SMS messages without the user's permission. The mobile irritant is primarily spreading through texts that offer free versions of popular paid-for games such as Need for Speed: …
John Leyden, 19 Dec 2012

Even a CHILD can make a Trojan to pillage Windows Phone 8

A teenager has crafted prototype malware for Windows Phone 8 just weeks after the official unveiling of the smartphone platform. The proof-of-concept code is due to be demonstrated by Shantanu Gawde at the International Malware Conference (MalCon) in New Delhi, India on 24 November. Gawde, who is a member of the Indian …
John Leyden, 13 Nov 2012

Office printers spew reams of garbage as 2-year-old Trojan runs wild

Computer printers around the world are spewing garbage following a flare-up of a strain of malware first detected two years ago, Symantec warns. A spike in infections by the Milicenso Trojan has hit businesses in the US, India, Europe and South America over the last two weeks or so – resulting in massive, wasted print jobs at …
John Leyden, 22 Jun 2012

Trojan targets Mac's built-in security defences

Malware coders have created a Mac-specific Trojan that is designed to attack anti-malware defences built into Apple's Mac OS X operating system. The Flashback.C trojan disables the automatic update component of XProtect, OS X's anti-malware application, net security firm F-Secure reports. By wiping out files, the malware …
John Leyden, 19 Oct 2011

Mac Java hole exploited by wild Flashback Trojan strain

Security watchers have discovered a strain of Mac-specific malware that exploits an unpatched vulnerability in Java. A variant of the Flashback Trojan exploiting CVE-2012-0507 (a Java vulnerability) has been spotted in the wild, F-Secure warns. Oracle patched the vulnerability for Windows machines in February but is yet to …
John Leyden, 02 Apr 2012

Anonymous web weapon backfires with hidden banking Trojan

Anonymous supporters queuing up to participate in denial-of-service attacks are being tricked into installing ZeuS botnet clients. Hacktivists grabbed what they thought was the Slowloris tool, which is designed to flood websites with open connections and ultimately knock them offline. However, the download included a strain of …
John Leyden, 02 Mar 2012

Trojan sneaks into hotel, slurps guests' credit card data

Cybercrooks are selling malware through underground forums which they claim offers the ability to steal credit card information from hotel point of sale (POS) applications. The ruse, detected by transaction security firm Trusteer, shows how criminals are using malware on enterprise machines to collect financial information in …
John Leyden, 19 Apr 2012

Apple finally deploys Mac Flashback Trojan terminator

Apple has released a tool that removes the infamous Flashback Trojan from infected Macs. The utility, billed as a Java security update, also disables Java applets by default - but only on machines running OS X Lion, the latest version. The update turns off Java applet execution by default for all browsers, not just Safari. …
John Leyden, 13 Apr 2012

Mac-based Trojan targets Uyghur activists

Security researchers have intercepted a Mac-based Trojan attack targeting Uyghur human rights activists. The Uyghur are a minority ethnic group that live in Eastern and Central Asia, mostly (but not exclusively) within the geographical borders of China. A run of infected emails sent to Uyghur activists, and intercepted by …
John Leyden, 29 Jun 2012

Sync'n'steal: Hackers brew Android-targeting Windows malware

Internet Igors have stitched together the first strain of Windows malware that can hop over and infect Android smartphones and tablets. The Droidpak mobile banking trojan exploits syncing between smartphones and Windows PCs to jump from a compromised PC onto an Android device. The Windows Trojan downloads a malicious .APK file …
John Leyden, 27 Jan 2014

Tick-like banking Trojan drills into Firefox, sucks out info

A new banking Trojan is spreading in the UK and the Netherlands, Symantec warns. Neloweg operates much like its more famous cybercrime toolkit predecessor ZeuS, but with a couple of subtle twists. "Like Zeus, Neloweg can detect which site it is on and add custom JavaScript. But while Zeus uses an included configuration file, …
John Leyden, 01 Mar 2012