Articles about Trojan

Banking trojan besieges Bundestag … for the second time

Online banking trojan Swatbanker has been brought into play in a second round of attacks against the German Bundestag, reports security software firm G DATA. Investigation of the configuration files embedded in the malware has revealed that the Swatbanker botnet integrated new filter functions for the domain "Bundestag.btg" – …
John Leyden, 17 Jun 2015

Fareit trojan pwns punters with devious DNS devilry

DNS tricks used by the Fareit trojan mean users are tricked into downloading malware, seemingly from Google or Facebook. The latest variants of Fareit are infecting systems via malicious DNS servers, Finnish security firm F-Secure warns. These servers push bogus Flash updates that actually come packed with malicious code, as a …
John Leyden, 06 Mar 2015

Dyre times ahead: Zeus-style trojan slurps your banking login creds

UK users of Barclays, Royal Bank of Scotland, HSBC, Lloyds Bank and Santander are being targeted by cybercrooks slinging the Dyre banking trojan. Around 19,000 malicious emails have been sent in three days from spam servers worldwide, inviting users to download an archive containing a malicious .exe file posing as personal …
John Leyden, 08 Jul 2015

RubyGems slings patch at nasty redirect trojan holes

Get patching: new vulns in the RubyGems developer distribution platform could expose millions of users to malicious redirects. The hole (CVE-2015-3900), since patched, means clients could be pushed to Gem servers hosting malicious content even if HTTPS is employed. Attackers further benefited since RubyGems Gems Server Discovery …
Darren Pauli, 24 Jun 2015

Monster banking Trojan botnet claims 500,000 victims

Security researchers have uncovered the infrastructure behind one of the largest and most voracious banking Trojan networks uncovered to date. The Qbot (aka Qakbot) botnet apparently infected 500,000 systems before sniffing "conversations" – including account credentials – for a whopping 800,000 online banking transactions. More …
John Leyden, 07 Oct 2014

Banking trojan scourge gallops on, despite more fences

RSA 2015 Banking botnets persist as a threat despite recent high-profile takedowns which only achieve a temporary calming effect, according to a new study from Dell SecureWorks. Between mid-2014 and early 2015, coordinated efforts involving law enforcement and private-sector industry disrupted three of the most active banking botnets ( …
John Leyden, 23 Apr 2015

Fake Pirate Bay site pushes banking Trojan to WordPress users

Multiple WordPress sites are being redirected to a Pirate Bay copycat which in turn was being used to sling malware, anti-malware firm Malwarebytes warns. Several WordPress sites were injected with the same iframe over the last few days as part of an attack ultimately geared towards serving content from sites such as …
John Leyden, 01 Apr 2015

Fake Android The Interview app actually banking Trojan

Malware-slingers have latched onto the torrent of publicity spawned by the controversial film The Interview by stitching together a fake Android app actually designed to swipe online banking credentials. Sony Pictures, stung by criticism that it had given in to threats in the wake of a devastating hack attack against its systems …
John Leyden, 29 Dec 2014

Rovnix Trojan infection outbreak infects 130,000 machines in Blighty

A new cluster of infections by the Rovnix Trojan has infected more than 130,000 Windows computers in the UK alone. The data-stealing malware is also affecting Germany, Italy, the US and Iran to a far lesser extent - 87 per cent of the computers infected are actually in the UK, according to anti-virus firm Bitdefender. Rovnix is …
John Leyden, 06 Nov 2014

Dodgy installer drops Trojan in Japanese Buffalo update

Buffalo in Japan is red-faced after its Website shipped Trojan-infected Windows driver updates for a bunch of its peripherals, including broadband routers, home NAS, and Bluetooth mice. According to this notice (Google translation here), the installers were modified to include Infostealer.Bankeiya.B, which steals bank account …

Citadel Trojan snooped on password managers to snatch victims' logins

Crooks have unsheathed a variant of the Citadel Trojan that targets password managers. The malware is designed to steal a victim's master passphrase, thus unlocking his or her database of website passwords in the process. The software nasty runs a key-logger to intercept what people type into the Password Safe and KeePass open- …
John Leyden, 21 Nov 2014

Zeus scumbag infects itself, buddies, with rival Trojan

A Zeus hacker cabal has infected itself and its colleagues with a rival malware in an act of poetic justice noticed by RSA researcher Lior Ben-Porat. The blackhat developed a custom Zeus panel for the infamous trojan by the same name which was found compromised by the Ramnit worm. Ben-Porat says the malware muck up happened after the …
Darren Pauli, 25 Feb 2015

Entirely new trojan quietly wheeled into black hat forums

An RSA researcher claims to have found an entirely new trojan during his trawls of the criminal underground. RSA researcher Eli Marcus says the "Pandemiya" trojan comprises about 25,000 lines of fresh code. With most malware based on proven platforms, entirely new code is a rarity. Pandemiya is nasty: it infects Windows PCs, …
Darren Pauli, 13 Jun 2014

SynoLocker Trojan crime gang: We QUIT this gig

A ransomware Trojan gang appears to be moving on, and has offered to sell its remaining decryption keys in bulk for 200 BTC ($103,000, £61,500). Cybercrooks behind the recent SynoLocker Trojan – which targets the network attached storage devices manufactured by Synology – have apparently decided to cash out on their ill-gotten …
John Leyden, 14 Aug 2014

Why no one smells a RAT: Trojan uses YAHOO WEBMAIL to pick up instructions

Cybercrooks commonly run botnet command-and-control networks using servers or (less frequently) a peer-to-peer network, but one gang of scammers has broken the mould by managing a Trojan using Yahoo webmail. The recently discovered IcoScript Trojan is a classic remote administration tool (RAT), but what makes it highly unusual …
John Leyden, 05 Aug 2014

Not your father's spam: Trojan slingers attach badness to attachment WITHIN attachment

Cybercrooks are upping the ante by loading malware as an attachment inside another attachment in a bid to slip past security defences. A new variant of the Upatre Trojan comes bundled in spammed messages that imitate emails from known banks such as Lloyds Bank and Wells Fargo. The .MSG file of the malicious emails contains …
John Leyden, 08 Apr 2014

FBI and pals grab banking Trojan zombielord's joystick

Law enforcement and the security business have teamed up to disrupt the operation of the Shylock banking Trojan. The UK's National Crime Agency joined forces with Europol and the FBI to take down and seize the command and control servers key to running the botnet. Law enforcement also took control of the domains Shylock uses for …
John Leyden, 11 Jul 2014

China targeted by new Android Trojan

Russian security researchers are warning about an Android Trojan called Oldboot that has infected 350,000 devices worldwide. According to this post at Dr Web, Oldboot has a characteristic that makes it hard to deal with: some of the Trojan's components are loaded into the boot partition of the Android file system. By acting as a …

'Father of Zeus' banking trojan appears at very reasonable price

A banking trojan dubbed the father of the infamous Zeus malware is being flogged on cybercrime marketplaces for a pricey $7000, says fraud specialist Etay Maor. The Kronos malware was sold on a cybercrime forum, pitched particularly to Zeus trojan customers given its capabilities to re-use that trojan's form grabbing templates …
Darren Pauli, 15 Jul 2014

Blackhats exploiting MacKeeper hole to foist dangerous trojan

Last month's MacKeeper vulnerability is now being exploited in the wild to hijack Apple machines, according to BAE security researcher Sergei Shevchenko. The hacker says criminals are using social engineering to trick users into installing malware capable of exfiltrating data using a then zero-day vulnerability in the notorious …
Darren Pauli, 16 Jun 2015

Crooks fling banking Trojan at Japanese smut site fans

Cybercrooks are targeting Japanese smut site aficionados with a new banking Trojan run. The Aibatook malware is targeting customers of Japanese banks who are also visitors on some of the country's most popular pornographic websites. Security researchers at anti-virus firm ESET estimated that more than 90 smut sites have been …
John Leyden, 16 Jul 2014

You have a Skype voicemail. PSYCHE! It's just some fiendish Trojan-flinging spam

A spam run of fake Skype voicemail alert emails actually comes packed with malware, a UK police agency warns. Action Fraud said the zip file attachments come contaminated with a variant of the notorious ZeuS banking Trojan. Messages typically come with the subject line “You received a new message from Skype voicemail service”. …
John Leyden, 28 Nov 2013

Beware Brit cops bearing battering rams. Four nabbed over Trojan claims

British cops have arrested four people suspected of using Trojans to illegally take control of computers. The arrests were made as part of an international operation led by Europol which aimed to clamp down on the criminal use of Remote Access Trojans (RATs). These malware nasties are capable of taking command of a target's …
Jasper Hamill, 21 Nov 2014

Citadel Trojan phishes its way into petrochem firm's webmail

Trusteer researchers are saying that the victims of the latest round of Citadel trojan infections include one of the largest petrochemical companies in the world. The attacks, like so many others, targeted critical infrastructure organisations using phishing campaigns to steal network credentials. Researcher Dana Tamir said …
Darren Pauli, 17 Sep 2014

Pushdo Trojan outbreak: 11 THOUSAND systems infected in just 24 hours

A wave of attacks by cybercrooks pushing a new variant of the resilient Pushdo Trojan has compromised more than 11,000 systems in just 24 hours. Indian PCs have been most affected by the outbreak, but systems in the UK, France and the US have also been hit, according to security software firm Bitdefender. The Romanian firm …
John Leyden, 17 Jul 2014

Scam emails tell people they have cancer to trick them into installing a money-stealing Trojan

Sick fraudsters have put out a batch of malware-riddled hoax emails warning recipients that they may have cancer. The scam emails purport to come from the UK National Institute for Health and Care Excellence (Nice). The emails - which arrive with the header "important blood analysis result" - ask prospective victims to download …
John Leyden, 14 Mar 2014

Pr0n-optimised Icepol Trojan's servers seized by Romanian cops

Romanian police have seized servers associated with the Icepol ransomware scam, effectively taking down the pervasive threat for now. The Icepol Trojan extorted victims who downloaded it by sending prospective marks a fake message from local police accusing them of downloading copyrighted material or illegal pornography. The …
John Leyden, 03 Feb 2014

Like WhatsApp? Meet 'desktop' version... and his BANK ACCOUNT RAIDING Trojan pal

Scammers have slung together a scam designed to trick users into running malware disguised as a "desktop version" of the ultra-popular WhatsApp mobile messaging app. Links promoted through a run of spam emails that began appearing last week actually lead to a banking Trojan rather than a PC version of the mobile-only app, Trend …
John Leyden, 26 Feb 2014
The Register breaking news

New online banking Trojan empties users' wallets, videos privates

Bank account-raiding Trojan Hesperbot has infected computers in UK, Turkey, the Czech Republic and Portugal, The Register has learned. Net security firm Eset said the software nasty is distributed via rather convincing-looking emails, which are dressed up as legit package tracking documents from postal companies or …
John Leyden, 05 Sep 2013

Shuttleworth: Firmware is the universal Trojan

Canonical boss Mark Shuttleworth has called on the world to abandon proprietary firmware code, calling all such code “a threat vector”. In this blog post, Shuttleworth makes the case that manufacturers are simply too incompetent, and attackers (including government security agencies) too competent, for security-by-obscurity in …

'Kissing couple' Trojan sent to slurp fanbois' data... Syrian Electronic Army fingered

A “low risk” Mac Trojan seemingly linked to the Syrian Electronic Army has surfaced on the web. The Mac-specific Trojan comes disguised as a picture of a kissing couple. If opened, it creates a back door on compromised Apple computers. "This appears to be a targeted attack, though the method of delivery is not yet known," a …
John Leyden, 19 Sep 2013

Trojan-laden FileZilla clone slurps data, sends it to the UNKNOWN

Cybercrooks have put together a malicious version of popular FTP app FileZilla which works just like the real thing but surreptitiously passes login information to a hacker-controlled server. The evil twin version has the same look and feel as the genuine programme and is clearly designed to mask its suspicious activities, such …
John Leyden, 29 Jan 2014

UK bloke collared at home by bank-raid Trojan probe cops

A 36-year-old from South Croydon, London, has been arrested by cops investigating allegations of fraud involving the bank-account-raiding Tilon Trojan. The as-yet-unnamed man is suspected of conspiring to defraud and breaking drug laws. He was collared by officers from the Police Central eCrime Unit (PCeU) and the Serious …
John Leyden, 21 Mar 2013

ZeuS KICKS that SaaS: Trojan raids Salesforce.com accounts

Miscreants have forged a variant of the infamous ZeuS banking Trojan that targets enterprise data held by clients of CRM giant Salesforce.com. The ZeuS variant does not exploit a vulnerability in the Salesforce.com platform itself but rather penetrates the insecure devices of corporate workers accessing Salesforce.com. The …
John Leyden, 26 Feb 2014

NBC.com HACKED to spread bank account-raiding Trojan

The website of US TV network NBC was hacked to deliver Java and PDF exploits. The attack against NBC.com - which hosts entertainment and TV content - used a cybercrime toolkit called Redkit that was ultimately aimed at delivering Citadel, a banking Trojan. NBC acted promptly to clean up its promotional site, admitting the …
John Leyden, 22 Feb 2013

New slicker Shylock Trojan hooks into Skype

The Shylock banking Trojan has been revamped with extra features that allow the malware to spread using the chat function of Skype, the popular Voice over IP application. Shylock can now roam the Skype network thanks to a new propagating plugin called "msg.gsm". This component also adds functionality including the ability to …
John Leyden, 17 Jan 2013

Sneaky new Android Trojan is WORST yet discovered

Security researchers at Kaspersky Lab report that a recently discovered Android Trojan is the most sophisticated such mobile malware yet to be identified. In a post to Kaspersky Lab's Securelist blog, security expert Roman Unuchek describes the malicious program, dubbed Backdoor.AndroidOS.Obad.a or "Obad" for short, as being …
Neil McAllister, 07 Jun 2013

Darknet: It's not just for DRUGS. Ninja Banking Trojan uses it too

Russian-speaking virus writers have brewed up a stealthy strain of banking Trojan that communicates over peer-to-peer networks using an encrypted darknet protocol that's arguably even stealthier than TOR: I2P. The i2Ninja malware offers a similar set of capabilities to other major financial malware such as ZeuS and SpyEye – …
John Leyden, 21 Nov 2013

Chancellor Merkel 'was patient zero' in German govt network hack

The recent cyberattack on the German government began with the compromise of Chancellor Angela Merkel's personal computer, it is alleged. German newspaper Bild claims Merkel's computer was one of the first systems to be infected with malware linked to miscreants in Russia. Hackers reportedly used Merkel's computer to send …
Shaun Nichols, 15 Jun 2015

VMware hits back at Amazon cloud Trojan Horse with ... a blog post

VMware has responded to a Trojan Horse bit of tech from Amazon with a blog post disparaging the rival's approach. Last Friday, Bezos & Co. announced the "AWS Connector for vCenter" plug-in, which lets admins buy, manage, and migrate Amazon Web Services cloud VMs from within the familiar vCenter admin environment. This free bit …
Jack Clark, 02 Jun 2014

'Hand of Thief' banking Trojan reaches for Linux – for only $2K

Cybercrooks have created a banking Trojan that targets Linux users, which is being touted for sale on underground cybercrime forums for just $2,000 a pop. The "Hand of Thief" malware is a rare example of malicious code written especially to target the open-source operating system. The digital nasty includes form-grabbers for HTTP …
John Leyden, 08 Aug 2013

BOT-GEDDON coming after ZeusVM leak, hacker warns

Former Kaspersky Japan boss now malware researcher Hendrik Adrian is warning of a boom of ZeusVM botnets, after the trojan source code was leaked online. Version two of the builder and panel source code leaked last month, and was spotted by the French malware researcher known as Xylitol. Adrian, who uses the online handle …
Darren Pauli, 07 Jul 2015

Parallels pledges roll-back fix after silent 'trojan' freebie install triggers punter outrage

Parallels has promised to change the registration process of its virtualisation software for Macs after users complained that the technology introduced a "trojan-like" update functionality, intended to push a six month freebie trial of its new Access product. The release of Parallels Desktop 9 for Mac, the latest version of the …
John Leyden, 11 Sep 2013

New trend: Trojan which steals your pics instead of your text

Miscreants have developed a strain of malware that steals image files from compromised systems. The Pixsteal-A Trojan dispenses with the conventional tactic of only stealing text files, instead concentrating on uploading .jpg, .jpeg, and .dmp (memory dump) files from infected machines onto a remote FTP server. The switch in …
John Leyden, 06 Nov 2012

French cops cuff man over €500K Android Trojan scam

French police have arrested a 20-year-old man who allegedly earned €500,000 (£405,00, $650,000) through an Android malware scam. The unnamed perp from the Amiens region allegedly tricked 17,000 victims into installing a Trojan that posed as a legitimate application on their Android smartphones. In reality, the malicious …
John Leyden, 19 Oct 2012

REVEALED: Cyberthug tool that BREAKS HSBC's anti-Trojan tech

Cybercrooks on an underground forum have developed a technique to bypass anti-Trojan technology from Trusteer used by financial institutions worldwide – including HSBC and Paypal – to protect depositors from cybersnoopers. Trusteer has downplayed the vulnerability and said it's in the process of rolling out beefed-up protection …
John Leyden, 06 Aug 2013

Japanese govt sucked dry for TWO YEARS by Trojan

The Japanese government has uncovered an advanced Trojan attack which may have lain undiscovered on its networks leaking confidential data for over two years. The Finance Ministry told the local Kyodo news service that the first infection came in January 2010, with the most recent taking place in November 2011, after which the …
Phil Muncaster, 25 Jul 2012

Syrian rebels targeted using commercial Skype trojan

Syrian activists are coming under attack from a new Trojan, based on a commercial spyware application. Targeted attacks surreptitiously install the BlackShades Trojan onto compromised machines, an advisory by the EFF and Citizen Lab warns. The Trojan is being distributed via compromised Skype accounts of Syrian activists in …
John Leyden, 20 Jun 2012

Google Go language gets used: For file-scrambling trojan, though

Virus writers are experimenting with Google's Go as a programming language for malware. The Encriyoko Trojan uses components written in Go, which is a compiled language developed by the search giant and unveiled in 2009. Once installed on a Microsoft Windows PC, the Trojan attempts to use the Blowfish algorithm to encrypt all …
John Leyden, 24 Sep 2012

Anti-PRISM Trojan explodes over Jay-Z fans

Fans of rapper Jay-Z who thought they'd grabbed hold of an app granting them access to an early release of his new album Magna Carta Holy Grail have found themselves on the receiving end of an anti-PRISM Android Trojan designed to slurp all their data, according to security researchers. It is not yet clear if the data-stealing …
John Leyden, 05 Jul 2013