Articles about Trojan

Dodgy installer drops Trojan in Japanese Buffalo update

Buffalo in Japan is red-faced after its Website shipped Trojan-infected Windows driver updates for a bunch of its peripherals, including broadband routers, home NAS, and Bluetooth mice. According to this notice (Google translation here), the installers were modified to include Infostealer.Bankeiya.B, which steals bank account …

SynoLocker Trojan crime gang: We QUIT this gig

A ransomware Trojan gang appears to be moving on, and has offered to sell its remaining decryption keys in bulk for 200 BTC ($103,000, £61,500). Cybercrooks behind the recent SynoLocker Trojan – which targets the network attached storage devices manufactured by Synology – have apparently decided to cash out on their ill-gotten …
John Leyden, 14 Aug 2014

Entirely new trojan quietly wheeled into black hat forums

An RSA researcher claims to have found an entirely new trojan during his trawls of the criminal underground. RSA researcher Eli Marcus says the "Pandemiya" trojan comprises about 25,000 lines of fresh code. With most malware based on proven platforms, entirely new code is a rarity. Pandemiya is nasty: it infects Windows PCs, …
Darren Pauli, 13 Jun 2014

Why no one smells a RAT: Trojan uses YAHOO WEBMAIL to pick up instructions

Cybercrooks commonly run botnet command-and-control networks using servers or (less frequently) a peer-to-peer network, but one gang of scammers has broken the mould by managing a Trojan using Yahoo webmail. The recently discovered IcoScript Trojan is a classic remote administration tool (RAT), but what makes it highly unusual …
John Leyden, 05 Aug 2014

FBI and pals grab banking Trojan zombielord's joystick

Law enforcement and the security business have teamed up to disrupt the operation of the Shylock banking Trojan. The UK's National Crime Agency joined forces with Europol and the FBI to take down and seize the command and control servers key to running the botnet. Law enforcement also took control of the domains Shylock uses for …
John Leyden, 11 Jul 2014

Not your father's spam: Trojan slingers attach badness to attachment WITHIN attachment

Cybercrooks are upping the ante by loading malware as an attachment inside another attachment in a bid to slip past security defences. A new variant of the Upatre Trojan comes bundled in spammed messages that imitate emails from known banks such as Lloyds Bank and Wells Fargo. The .MSG file of the malicious emails contains …
John Leyden, 08 Apr 2014

China targeted by new Android Trojan

Russian security researchers are warning about an Android Trojan called Oldboot that has infected 350,000 devices worldwide. According to this post at Dr Web, Oldboot has a characteristic that makes it hard to deal with: some of the Trojan's components are loaded into the boot partition of the Android file system. By acting as a …

'Father of Zeus' banking trojan appears at very reasonable price

A banking trojan dubbed the father of the infamous Zeus malware is being flogged on cybercrime marketplaces for a pricey $7000, says fraud specialist Etay Maor. The Kronos malware was sold on a cybercrime forum, pitched particularly to Zeus trojan customers given its capabilities to re-use that trojan's form grabbing templates …
Darren Pauli, 15 Jul 2014

Crooks fling banking Trojan at Japanese smut site fans

Cybercrooks are targeting Japanese smut site aficionados with a new banking Trojan run. The Aibatook malware is targeting customers of Japanese banks who are also visitors on some of the country's most popular pornographic websites. Security researchers at anti-virus firm ESET estimated that more than 90 smut sites have been …
John Leyden, 16 Jul 2014

Citadel Trojan phishes its way into petrochem firm's webmail

Trusteer researchers are saying that the victims of the latest round of Citadel trojan infections include one of the largest petrochemical companies in the world. The attacks, like so many others, targeted critical infrastructure organisations using phishing campaigns to steal network credentials. Researcher Dana Tamir said …
Darren Pauli, 17 Sep 2014

You have a Skype voicemail. PSYCHE! It's just some fiendish Trojan-flinging spam

A spam run of fake Skype voicemail alert emails actually comes packed with malware, a UK police agency warns. Action Fraud said the zip file attachments come contaminated with a variant of the notorious ZeuS banking Trojan. Messages typically come with the subject line “You received a new message from Skype voicemail service”. …
John Leyden, 28 Nov 2013

Pushdo Trojan outbreak: 11 THOUSAND systems infected in just 24 hours

A wave of attacks by cybercrooks pushing a new variant of the resilient Pushdo Trojan has compromised more than 11,000 systems in just 24 hours. Indian PCs have been most affected by the outbreak, but systems in the UK, France and the US have also been hit, according to security software firm Bitdefender. The Romanian firm …
John Leyden, 17 Jul 2014

Scam emails tell people they have cancer to trick them into installing a money-stealing Trojan

Sick fraudsters have put out a batch of malware-riddled hoax emails warning recipients that they may have cancer. The scam emails purport to come from the UK National Institute for Health and Care Excellence (Nice). The emails - which arrive with the header "important blood analysis result" - ask prospective victims to download …
John Leyden, 14 Mar 2014

Pr0n-optimised Icepol Trojan's servers seized by Romanian cops

Romanian police have seized servers associated with the Icepol ransomware scam, effectively taking down the pervasive threat for now. The Icepol Trojan extorted victims who downloaded it by sending prospective marks a fake message from local police accusing them of downloading copyrighted material or illegal pornography. The …
John Leyden, 03 Feb 2014

Like WhatsApp? Meet 'desktop' version... and his BANK ACCOUNT RAIDING Trojan pal

Scammers have slung together a scam designed to trick users into running malware disguised as a "desktop version" of the ultra-popular WhatsApp mobile messaging app. Links promoted through a run of spam emails that began appearing last week actually lead to a banking Trojan rather than a PC version of the mobile-only app, Trend …
John Leyden, 26 Feb 2014

Shuttleworth: Firmware is the universal Trojan

Canonical boss Mark Shuttleworth has called on the world to abandon proprietary firmware code, calling all such code “a threat vector”. In this blog post, Shuttleworth makes the case that manufacturers are simply too incompetent, and attackers (including government security agencies) too competent, for security-by-obscurity in …
The Register breaking news

New online banking Trojan empties users' wallets, videos privates

Bank account-raiding Trojan Hesperbot has infected computers in UK, Turkey, the Czech Republic and Portugal, The Register has learned. Net security firm Eset said the software nasty is distributed via rather convincing-looking emails, which are dressed up as legit package tracking documents from postal companies or …
John Leyden, 05 Sep 2013

Trojan-laden FileZilla clone slurps data, sends it to the UNKNOWN

Cybercrooks have put together a malicious version of popular FTP app FileZilla which works just like the real thing but surreptitiously passes login information to a hacker-controlled server. The evil twin version has the same look and feel as the genuine programme and is clearly designed to mask its suspicious activities, such …
John Leyden, 29 Jan 2014

'Kissing couple' Trojan sent to slurp fanbois' data... Syrian Electronic Army fingered

A “low risk” Mac Trojan seemingly linked to the Syrian Electronic Army has surfaced on the web. The Mac-specific Trojan comes disguised as a picture of a kissing couple. If opened, it creates a back door on compromised Apple computers. "This appears to be a targeted attack, though the method of delivery is not yet known," a …
John Leyden, 19 Sep 2013

ZeuS KICKS that SaaS: Trojan raids Salesforce.com accounts

Miscreants have forged a variant of the infamous ZeuS banking Trojan that targets enterprise data held by clients of CRM giant Salesforce.com. The ZeuS variant does not exploit a vulnerability in the Salesforce.com platform itself but rather penetrates the insecure devices of corporate workers accessing Salesforce.com. The …
John Leyden, 26 Feb 2014

UK bloke collared at home by bank-raid Trojan probe cops

A 36-year-old from South Croydon, London, has been arrested by cops investigating allegations of fraud involving the bank-account-raiding Tilon Trojan. The as-yet-unnamed man is suspected of conspiring to defraud and breaking drug laws. He was collared by officers from the Police Central eCrime Unit (PCeU) and the Serious …
John Leyden, 21 Mar 2013

Darknet: It's not just for DRUGS. Ninja Banking Trojan uses it too

Russian-speaking virus writers have brewed up a stealthy strain of banking Trojan that communicates over peer-to-peer networks using an encrypted darknet protocol that's arguably even stealthier than TOR: I2P. The i2Ninja malware offers a similar set of capabilities to other major financial malware such as ZeuS and SpyEye – …
John Leyden, 21 Nov 2013

VMware hits back at Amazon cloud Trojan Horse with ... a blog post

VMware has responded to a Trojan Horse bit of tech from Amazon with a blog post disparaging the rival's approach. Last Friday, Bezos & Co. announced the "AWS Connector for vCenter" plug-in, which lets admins buy, manage, and migrate Amazon Web Services cloud VMs from within the familiar vCenter admin environment. This free bit …
Jack Clark, 02 Jun 2014

Sneaky new Android Trojan is WORST yet discovered

Security researchers at Kaspersky Lab report that a recently discovered Android Trojan is the most sophisticated such mobile malware yet to be identified. In a post to Kaspersky Lab's Securelist blog, security expert Roman Unuchek describes the malicious program, dubbed Backdoor.AndroidOS.Obad.a or "Obad" for short, as being …
Neil McAllister, 07 Jun 2013

NBC.com HACKED to spread bank account-raiding Trojan

The website of US TV network NBC was hacked to deliver Java and PDF exploits. The attack against NBC.com - which hosts entertainment and TV content - used a cybercrime toolkit called Redkit that was ultimately aimed at delivering Citadel, a banking Trojan. NBC acted promptly to clean up its promotional site, admitting the …
John Leyden, 22 Feb 2013

New slicker Shylock Trojan hooks into Skype

The Shylock banking Trojan has been revamped with extra features that allow the malware to spread using the chat function of Skype, the popular Voice over IP application. Shylock can now roam the Skype network thanks to a new propagating plugin called "msg.gsm". This component also adds functionality including the ability to …
John Leyden, 17 Jan 2013
Licensed under creative commons (Kafa4Prez) http://creativecommons.org/licenses/by-sa/2.0/deed.en

'Hand of Thief' banking Trojan reaches for Linux – for only $2K

Cybercrooks have created a banking Trojan that targets Linux users, which is being touted for sale on underground cybercrime forums for just $2,000 a pop. The "Hand of Thief" malware is a rare example of malicious code written especially to target the open-source operating system. The digital nasty includes form-grabbers for HTTP …
John Leyden, 08 Aug 2013

Parallels pledges roll-back fix after silent 'trojan' freebie install triggers punter outrage

Parallels has promised to change the registration process of its virtualisation software for Macs after users complained that the technology introduced a "trojan-like" update functionality, intended to push a six month freebie trial of its new Access product. The release of Parallels Desktop 9 for Mac, the latest version of the …
John Leyden, 11 Sep 2013

Iraq civil war: You can fight with an AK-47 ... or a HOME-COOKED Trojan

Iraq's bloody civil war has spilled over onto the internet, notes a researcher who has spotted a large increase in cyber-espionage tools and other forms of malware. Members of the Islamic State of Iraq and al-Sham (ISIS) group have made extensive use of social media to spread slickly produced propaganda as an accompaniment to …
John Leyden, 01 Jul 2014

REVEALED: Cyberthug tool that BREAKS HSBC's anti-Trojan tech

Cybercrooks on an underground forum have developed a technique to bypass anti-Trojan technology from Trusteer used by financial institutions worldwide – including HSBC and Paypal – to protect depositors from cybersnoopers. Trusteer has downplayed the vulnerability and said it's in the process of rolling out beefed-up protection …
John Leyden, 06 Aug 2013

New trend: Trojan which steals your pics instead of your text

Miscreants have developed a strain of malware that steals image files from compromised systems. The Pixsteal-A Trojan dispenses with the conventional tactic of only stealing text files, instead concentrating on uploading .jpg, .jpeg, and .dmp (memory dump) files from infected machines onto a remote FTP server. The switch in …
John Leyden, 06 Nov 2012

Anti-PRISM Trojan explodes over Jay-Z fans

Fans of rapper Jay-Z who thought they'd grabbed hold of an app granting them access to an early release of his new album Magna Carta Holy Grail have found themselves on the receiving end of an anti-PRISM Android Trojan designed to slurp all their data, according to security researchers. It is not yet clear if the data-stealing …
John Leyden, 05 Jul 2013

French cops cuff man over €500K Android Trojan scam

French police have arrested a 20-year-old man who allegedly earned €500,000 (£405,00, $650,000) through an Android malware scam. The unnamed perp from the Amiens region allegedly tricked 17,000 victims into installing a Trojan that posed as a legitimate application on their Android smartphones. In reality, the malicious …
John Leyden, 19 Oct 2012

The TRUTH about mystery Trojan found in SPAAACE

The mystery malware inadvertently brought into space by scientists which then infected the International Space Station has been identified as a gaming Trojan. The historical infection actually happened five years ago in 2008 but was propelled back into the news again last week as the result of a recent speech by Eugene Kaspersky …
John Leyden, 13 Nov 2013

Google Go language gets used: For file-scrambling trojan, though

Virus writers are experimenting with Google's Go as a programming language for malware. The Encriyoko Trojan uses components written in Go, which is a compiled language developed by the search giant and unveiled in 2009. Once installed on a Microsoft Windows PC, the Trojan attempts to use the Blowfish algorithm to encrypt all …
John Leyden, 24 Sep 2012

Japanese govt sucked dry for TWO YEARS by Trojan

The Japanese government has uncovered an advanced Trojan attack which may have lain undiscovered on its networks leaking confidential data for over two years. The Finance Ministry told the local Kyodo news service that the first infection came in January 2010, with the most recent taking place in November 2011, after which the …
Phil Muncaster, 25 Jul 2012

'FIRST ever' Linux, Mac OS X-only password sniffing Trojan spotted

Security researchers have discovered a potentially dangerous Linux and Mac OS X cross-platform trojan. Once installed on a compromised machine, Wirenet-1 opens a backdoor to a remote command server, and logs key presses to capture passwords and sensitive information typed by victims. The program also grabs passwords submitted to …
John Leyden, 29 Aug 2012

Syrian rebels targeted using commercial Skype trojan

Syrian activists are coming under attack from a new Trojan, based on a commercial spyware application. Targeted attacks surreptitiously install the BlackShades Trojan onto compromised machines, an advisory by the EFF and Citizen Lab warns. The Trojan is being distributed via compromised Skype accounts of Syrian activists in …
John Leyden, 20 Jun 2012

Microsoft, Red Hat, IBM and others help Google build cloud Trojan Horse

Tech companies large and small are teaming up to develop open-source software Kubernetes, the success of which will reduce the relevance of VMware's virtualization tech in the cloud. IBM, Red Hat, Microsoft, Docker, Mesosphere, CoreOS and SaltStack announced on Thursday that they are working with Google to develop open-source …
Jack Clark, 10 Jul 2014

Small banking Trojan poses major risk

Security researchers have discovered a tiny, but highly capable banking Trojan. Tinba (Tiny Banker, or otherwise known as Zusy) hooks itself into browsers before stealing banking login information and snaffling network traffic. The malware used injected code and Man in The Browser (MiTB) tricks to change the way banking …
John Leyden, 04 Jun 2012

'Gozi Trojan trio' blamed for multimillion-dollar bank raid spree

US prosecutors have accused three people of using a bank-account raiding Trojan to infect at least one million computers and steal millions of dollars. Russian national Nikita Kuzmin, 25, Latvian resident Deniss Calovskis, 27, and Mihai Ionut Paunescu, a 28-year-old Romanian, were behind the scam, according to charges filed …
John Leyden, 24 Jan 2013

Yet another OSX/Java Trojan spotted in the wild

Hard on the heels of the Flashback Trojan, Kaspersky Labs is warning of a new OSX threat, which it’s dubbed Backdoor.OSX.SabPub.a. In a post to Securelist, Kaspersky’s Costin Raiu says the Trojan connects to a command and control server hosted on a Californian-based VPS associated with the Onedumb.com free DNS. Apparently a …

Bank-raid Trojan jury-rigged to pwn 'major airport's network'

A Trojan has targeted airport workers logging into their employer's private network, security researchers have claimed. Crooks are believed to have modified the bank account-raiding Citadel Trojan, which is also used in ransomware scams, and deployed it at a "major international airport hub" to access internal applications and …
John Leyden, 15 Aug 2012

Apple scrubs old Leopards of Flashback Trojan infections

Apple has released patches that defend users of its older Mac OS X 10.5 Leopard operating system against security threats. Monday's security fixes help defend Mac users stuck on the two-year-old operating system against assaults by the infamous Flashback Trojan. Users of the newer Snow Leopard (10.6) and Lion (10.7) operating …
John Leyden, 15 May 2012

Cybercrooks breed SELF-CLONING MUTANT that STEALS your BANK DETAILS

Cybercrooks have put together a botnet client which bundles in worm-like functionality that gives it the potential to spread quickly. Seculert warns that the latest version of the Cridex (AKA Geodo) information stealing Trojan includes a self-spreading infection method. Infected PCs in the botnet download a secondary strain of …
John Leyden, 02 Jul 2014

Tsunami Trojan: First Mac attack based on Linux crack

Malware writers have derived a new Trojan for Mac OS X by porting an older Linux backdoor Trojan horse onto another platform. The newly discovered Tsunami Trojan is derived from an earlier Linux-infecting backdoor Trojan, called Kaiten, which phoned home from infected machines to an IRC channel for further instructions. Security …
John Leyden, 26 Oct 2011

Crooks, think your Trojan looks legit? This one has a DIGITAL CERTIFICATE

Security researchers have discovered a banking Trojan that comes with its own built-in digital certificate. The Brazilian banking password-sniffer was signed with a valid digital certificate issued by DigiCert, MalwareBytes reports. DigiCert responded promptly to inquiries by El Reg to confirm it had pulled the offending …
John Leyden, 05 Feb 2013

Fake cop Trojan 'detects offensive materials' on PCs, demands money

Security firms are warning about a rash of police-themed ransomware attacks. The Reveton Trojan warns victims that illegal content has supposedly been detected on infected machines, displaying a message supposedly from local police agencies demanding payment to unlock machines. To unlock an infected machine, marks are invited …
John Leyden, 05 Apr 2012

Phone-raiding Trojan slips past Apple’s App Store censors

A mobile Trojan that secretly sends the phone's whereabouts and its address book to spammers has slipped into Apple's App Store and Google's Play marketplace. Called Find And Call, the malware includes a "find your friends" feature that uploads a user's phonebook contents to servers under the control of the application's …
John Leyden, 06 Jul 2012

Dr. Web disputes Flashback Mac Trojan bot army estimates

Efforts by Apple and anti-virus vendors to kill the vast botnet assembled by the notorious Flashback Mac Trojan may be much less successful than previously thought. Symantec last week suggested the Mac botnet shrank from a peak of 670,000 to 140,000 following the release of clean-up tools. But the Russian anti-virus firm Dr. Web …
John Leyden, 25 Apr 2012