Articles about Trojans

20-yr-old Brazilian births 100 banking trojans

A 20 year-old Brazilian kid has pumped out more than 100 banking trojans selling each for around US$300 a pop, Trend Micro researchers say. The computer science student's extracurricular activities landed him the dishonourable title of his country's most prolific banking malware creator. Researchers say "Lordfenix", his chosen …
Darren Pauli, 02 Jul 2015
Mobile banking, image via Shutterstock

SlemBunk slamdunk: Mobile banking Trojans found worldwide

Cybercrooks have put together a dynasty of Android Trojan apps in a bid to imitate the legitimate apps of 33 financial management institutions across the globe. The SlemBunk apps (which commonly masquerade as popular applications, such as social media, utility, etc) have spread across three major continents: North America, …
John Leyden, 14 Jan 2016

Attackers planting banking Trojans in industrial systems

Trend Micro researcher Kyle Wilhoit says the latest attacks on SCADA and industrial control networks are turning out to carry rather pedestrian banking Trojans, and have been on the rise since October 2014. Talking to DarkReading, Wilhoit said rather than Stuxnet-style attacks, ne'er-do-wells are dropping banking Trojans into …

Iranian VXers unleash RATs to bite popular Android devices

Future threat researcher Rodrigo Bijou says Iranian hackers have made Android a priority for attacks with remote access trojans. The San Francisco consultant says attackers are preferring AndroRAT and DroidJack over common trojans like njRAT and DarkComet. Android is the most popular mobile OS in the Middle East and Africa, …
Darren Pauli, 29 Oct 2015

German surfers blitzed by widespread malvertising campaign

German surfers are under attack from multiple directions this week because of a widespread malvertising campaign. Users of eBay.de and subscribers of ISP T-Online.de were confronted with tainted ads after cybercrooks succeeded in pushing malicious traffic through rogue systems. The attacks began after hackers circumvented …
John Leyden, 22 Oct 2015
Monty Python's singing Vikings

Oi, bank manager. Only you've got my email address - where're these TROJANS coming from?

Santander customers are continuing to complain about receiving trojans and other junk to email addresses exclusively used with the bank. The reports began last month, prompting promises of an investigation by Santander. It's still unclear whether email addresses leaked from the bank or one of its affiliates. Independent experts …
John Leyden, 19 Dec 2013

Edgy online shoppers face Dyre Christmas as malware mutates

VXers have cooked up Windows 10 and Edge support for the nasty Dyre or Dyreza banking trojan. The banking bomb has ripped untold fortunes from victims and passed them into the hands of its authors. In at least one instance alone IBM says more than one million dollars was plundered from an organisation. At present it has …
Darren Pauli, 19 Nov 2015

Apple's anti-malware Gatekeeper still useless: Security bloke reveals lingering holes

Apple has flubbed attempts to patch flaws in OS X's anti-malware system Gatekeeper, leaving the defenses still easy to bypass. Patrick Wardle, a former NSA staffer who now heads up research at crowdsourced security intelligence firm Synack, found a way to circumvent Gatekeeper last year. Gatekeeper is supposed to block dodgy …
John Leyden, 15 Jan 2016

Exploit kits throw Flash bash party, invite Crypt0l0cker, spam bots

Criminals behind some of the most potent exploit kits, Neutrino and RIG, are ramping up attacks slinging the latest ransomware and hosing users who have not applied recent Adobe Flash patches. The patched vulnerabilities permit code execution and allow the dangerous hacking kits to compromise user machines. The two above- …
Darren Pauli, 11 Jan 2016
The Register breaking news

Frenchie bean-counters sweet-talked into slipping on Trojans

Crooks hoping to empty company bank accounts are calling up the firms' bean-counters to chase invoices packed with hidden malware. Finance staff are tricked into opening the booby-trapped messages in phone calls from con men, who claim to have emailed in legit paperwork that needs urgent attention. The documents instead include …
John Leyden, 14 May 2013

New mystery Windows-smashing RAT found in corporate network

Malware man Yotam Gottesman has found a somewhat mysterious remote access Trojan on a corporate network that sports highly capable evasion techniques. The Ensilo researcher says the Trojan, dubbed Moker, is not known to antivirus databases and can bypass and disable Windows security measures. Bypassed security systems …
Team Register, 08 Oct 2015
Android icon desktop toys

Amazon vendors flog thousands of rooted, malware-laden tablets

Amazon is unwittingly acting as the retail channel for thousands of Android devices preloaded with nightmare advertising malware and with operating systems rooted, users and security boffins allege. The blackbox tablets badged under various brands and flogged on the ecommerce site and elsewhere are A$100 (£50) Android units …
Darren Pauli, 13 Nov 2015

Brazilian whacks: as economy tanks, cyber-crooks samba

Brazil's economy may be hurtling towards recession but its online criminal underground is booming with wannabe hackers and carders racing to get a cut, research finds. Trend Micro's work is the latest in a series of papers it has published in recent months that examine regional online crime economies including North America, …
Darren Pauli, 13 Jan 2016
Solar panels

Energy utilities targeted by Office-spawned recon attack tool

Malware writers are targeting international energy utilities with a new trojan that creates beachheads to enable subsequent more advanced attacks. Symantec security boffin Christian Tripputi says the campaign, detected in the first two months of 2015, has a particular focus on creating beachheads on petroleum and gas utilities …
Darren Pauli, 02 Apr 2015

American cyber crims operate popup hack 'n crack sites in plain sight

North American cyber criminals are so blatantly thumbing their noses at law enforcement that their forums have been nicknamed "glass tanks". The selling of malware, stolen credentials, and other crime services are so open they can be found using Google, Trend Micro researchers Kyle Wilhoit and Stephen Hilt say. Moreover, the …
Darren Pauli, 14 Dec 2015

Rejoice, Blighty! UK is the TOP of the WHOLE WORLD ... for PHISHING

British punters are being served three times as many phishing links to trojans and exploit kits than the US, and five times more than the Germans, according to a ProofPoint study. The security researchers say that while the English were being served more malicious links, Germans were hit with the greatest amount of unsolicited …
Darren Pauli, 16 Sep 2014
The Register breaking news

Wave of Trojans breaks over Android

Fraudsters have cranked up production of malware targeting Android devices with with a rash of Trojans, many of which apply tricks long used against Windows PCs. F-Secure reports that a rogue developer has modified a harmless app that displays pictures of bikini-clad babes into a tool that secretly establishes a rudimentary …
John Leyden, 01 Jun 2011

Russian friends make German web scum the 'best' in European Union

The German cyber crime market is an overlooked but unique beast that works in lockstep with Russian veterans to serve fraud-flinging newcomers and hardened carders alike, researchers say. In one of the few examinations into German crime forums a team of Trend Micro threat bods say the scene is the most developed in the …
Darren Pauli, 14 Dec 2015
Malware

158 new malware created EVERY MINUTE

Malware monitors PandaLabs says 227,747 new malware samples are released every day. The findings from its recent survey found 20 million samples were created in the third quarter of 2014. Three quarters of infections were trojans while only 9 percent were viruses and 4 percent worms. The number of trojans rose 13 percent over …
Darren Pauli, 06 Nov 2014
Headshot of Trojan horse

Banking trojan scourge gallops on, despite more fences

RSA 2015 Banking botnets persist as a threat despite recent high-profile takedowns which only achieve a temporary calming effect, according to a new study from Dell SecureWorks. Between mid-2014 and early 2015, coordinated efforts involving law enforcement and private-sector industry disrupted three of the most active banking botnets ( …
John Leyden, 23 Apr 2015

A RAT and a spammer both avoid the slammer

Two US hackers have escaped prison, receiving probation instead of time in federal coolers. Blackshades remote access trojan (RAT) co-creator Michael Hogue, 25, of Arizona, could have stared down five years prison for his role in developing the BlackShades remote access trojan but instead received the time on probation. His …
Darren Pauli, 01 Feb 2016

Blacklists miss 90% of malware blogged IP love

Threat intelligence firm RecordedFuture says popular web blacklists are missing thousands of IP addresses linked to malware data theft. The Massachusetts company, which boasts it's scored four out of five "top companies in the world" as clients, says correlating IP addresses to malware references yields between a thousand and …
Darren Pauli, 12 Aug 2015
Avi Rubin

Terrible infections, bad practices, unclean kit – welcome to hospital IT

Usenix Enigma When it comes to IT security, the medical world is by far the most inept at data security. So say top researchers at the first Usenix Enigma security conference, held this week in San Francisco. "As a tester who has worked in many industries, healthcare is the absolute worst in terms of security," Avi Rubin, technical director …
Iain Thomson, 25 Jan 2016

Beware Brit cops bearing battering rams. Four nabbed over Trojan claims

British cops have arrested four people suspected of using Trojans to illegally take control of computers. The arrests were made as part of a international operation led by Europol which aimed to clamp down on the criminal use of Remote Access Trojans (RATs). These malware nasties are capable of taking command of a target's …
Jasper Hamill, 21 Nov 2014
steam_dota_character_648

Trojan-filled Chrome extensions for Steam boil off gamers' assets

Miscreants are slinging fraudulent Chrome extension trojans at gamers that, if installed, will empty victims’ Steam inventory. Security researcher Bart Blaze warned that supposedly "helpful" Chrome extensions for Counter-Strike: Global Offensive (CS:GO) are actually scamware. “Instead of being able to change your CS:GO Double …
John Leyden, 20 Jan 2016
The Register breaking news

Israeli cops penetrated by army of fake generals with trojans

Israeli police departments were pulled offline last Thursday following the discovery of a Trojan especially targeted at law enforcement networks in the Jewish state. The malware was distributed using spammed messages, spoofed so that they appeared to come from the head of the Israel Defense Forces, Benny Gantz. The malicious …
John Leyden, 30 Oct 2012

RubyGems slings patch at nasty redirect trojan holes

Get patching: new vulns in the RubyGems developer distribution platform could expose millions of users to malicious redirects. The hole (CVE-2015-3900) since patched means clients could be pushed to Gem severs hosting malicious content even if HTTPS is employed. Attackers further benefited since RubyGems Gems Server Discovery …
Darren Pauli, 24 Jun 2015
Mac malware

All eyes on the jailbroken as iOS, Mac OS X threat level ratchets up

The number of iOS threats discovered this year has more than doubled, from three in 2014 to seven so far in 2015, according to Symantec, with jailbroken devices being the focus of the majority of threats. Of the 13 iOS threats documented by the technology security company in total, nine can only infect jailbroken devices. Mac …
John Leyden, 10 Dec 2015

Dyre banking VXers LOVE Mondays, Symantec says

Nobody can accuse trojan coders of being lazy; the masterminds behind the Dyre banking malware are putting in full five-day working weeks to maintain some 285 command and control servers handling stolen banking credentials. The malware is one of the worst in circulation using its fleet of command and control servers to handle …
Darren Pauli, 25 Jun 2015

Malvertising set to wreak one BEELLION dollars in damage this year

Records have fallen as malvertising clocked its most prolific month in history, making it one of the biggest threats to endpoint security. If the scourge continues, criminals will have inflicted a billion dollars in damages by the end of the year from a paltry US$12,000 investment, according to researchers at security firm …
Darren Pauli, 13 Aug 2015

Net scum respect their elders so long as it leads to p0wnage

Net scum are employing both cool new attacks like the Angler exploit kit and oldies-but-goodies such as macroviruses in their undergoing something of a generational clash, with Cisco reporting both Word macros and the sophisticated Angler exploit kit are the most popular attack vectors this year. Blackhats dumped macros as an …
Darren Pauli, 20 Aug 2015

Malwarebytes slurps startup, hopes to belch out Mac malware zapper

Security software firm Malwarebytes is moving into the Mac security software market with the acquisition of a start-up and the launch of its first anti-malware product for Apple computers. Malwarebytes Anti-Malware for Mac is designed to detect and remove malware, adware, and PUPs (potentially unwanted programs). The release …
John Leyden, 15 Jul 2015
The Register breaking news

Trojans target pro-Tibet organisations

Security experts are warning of yet another targeted malware campaign using socially engineered emails to infiltrate pro-Tibet organisations in a bid to covertly nab sensitive files. Trend Micro threat research manager Ivan Macalintal explained in a blog post that the attacks are linked to the same command and control server …
Phil Muncaster, 11 Apr 2012

Bank-heist malware's servers phone home to Russian spookhaus

Trend Micro researcher Maxim Goncharov says one of the world's most sophisticated and dangerous bank-robbing trojans is now pointing to Russia's Federal Security Service (FSB). Goncharov says the Carbanak trojan's command and control servers now point to the FSB in what could be a joke or gaffe by malware authors. Carbanak in …
Darren Pauli, 25 May 2015

Hackers-for-hire raided 300 banks, corporates for TWELVE YEARS

A band of hackers for hire have raided some 300 banks, corporations and governments undetected for 12 years, possibly the longest campaign of its kind. The German hackers registered 800 front businesses in the UK to target and fully compromise organisations in Germany, Switzerland, and Austria at the request of customers. Elite …
Darren Pauli, 16 Sep 2014

'Chinese hackers' were sniffing SE Asian drawers for YEARS

Security researchers have exposed a decade-long cyber-spying campaign that targeted south-east Asia and India since 2004. The so-called APT 30 hackers are likely to be agents of the Chinese government, according to network security company FireEye. APT 30's primary goal appears to be the theft of sensitive information for …
John Leyden, 13 Apr 2015

FBI takes down Dridex botnet, seizes servers, arrests suspect

The FBI has teamed up with security vendors to disrupt the operations of Dridex banking Trojan. Multiple command-and-control (C&C) servers used by the Dridex Trojan have been taken down and seized in a co-ordinated action after the FBI obtained court orders. The take-down operation is geared towards crippling the malware’s …
John Leyden, 14 Oct 2015
emma watson

Facebook scammers punt fake 'sexy vid' of Emma Watson

Scammers are taking advantage of Emma Watson’s growing popularity by using the Harry Potter star as bait to spread malware on Facebook. The supposed “sexy videos” of the British actress – who has recently stood up against sexism in her new role as Goodwill Ambassador for Women – drop Trojans rather than the promised salacious …
John Leyden, 10 Oct 2014

21st century malware found in Jane Austen's 19th century prose

Cisco's 2015 Midyear Security Report has revealed that at least one group of malware-spreading scum has a literary bent. The report found one group of criminals who were hosting a webpage designed to inject exploit code into unpatched browsers. Typically these landing pages have very little on them, often just random text, but …
Iain Thomson, 28 Jul 2015
Spying image

Securobods claim Middle East govts' fingerprints all over malware flung at journos

Researchers at Toronto-based Citizen Lab have shot down denials by Syria, Bahrain and the United Arab Emirates regarding attacks against activists, journalists and dissidents, labelling some of the assaults as incompetent. The team gathered tens of thousands of documents and files detailing the malware and social engineering …
Darren Pauli, 31 Jul 2014
VR

Hidden password-stealing malware lurking in your GPU card? Intel Security thinks not

Fears that malware is hiding in people's graphics chipsets may be overclocked, according to Intel Security. Earlier this year, researchers from the self-styled “Team JellyFish” released a proof-of-concept software nasty capable of exploiting GPUs to swipe passwords and other information typed in by a PC's user. The same …
John Leyden, 01 Sep 2015

FinFisher spyware used to snoop on Bahraini activists, police told

Allegations that three Bahraini activists resident in Britain were spied on by Bahraini authorities using British spyware have led to a criminal complaint. Privacy International is calling on the National Cyber Crime Unit of Britain's National Crime Agency to investigate the unlawful surveillance of three human rights …
John Leyden, 16 Oct 2014

Cybercrime forum Darkode returns with security, admins intact

Crime forum Darkode has relaunched with renewed security two weeks after it was obliterated in a global police raid that shut down the site and saw members arrested. The English-speaking forum, established in 2007, was a major player in the cybercrime underground where vetted members could buy and sell zero days, trojans, and …
Darren Pauli, 28 Jul 2015

Trustwave: Here's how to earn $84,000 A MONTH as a blackhat

Exploit kit traders and ransomware slingers are in one of the most profitable industries in the world, landing a whopping 1,425 percent profit margin for raiding legitimate trade. Figures from infosec firm Trustwave show the blackhats who are enjoying what appears to be a current boom can score outrageous amounts of money by …
Darren Pauli, 10 Jun 2015

PIRATES and THIEVES to get Windows 10 as BOOTY

Pirates running stolen Windows operating systems will get a free copy of Windows 10, according to reports. Microsoft told reporters the next Windows will be made free to whet appetites for legitimate software, particularly in China. "We are upgrading all qualified PCs, genuine and non-genuine, to Windows 10," Microsoft's …
Darren Pauli, 19 Mar 2015

Sucker for punishment? Join Sony's security team

Sony is seeking a steely-willed vulnerability management director in the wake of its thorough hosing by unknown attackers. The beleaguered media giant posted an online advertisement Friday seeking a security bod boasting a decade's hacking experience to, among other things, "Unify and enhance Sony’s global information security …
Darren Pauli, 23 Dec 2014

Hackers pop German steel mill, wreck furnace

Talented hackers have caused "serious damage" after breaching a German steel mill and wrecking one of its blast furnaces. The hack of the unnamed mill, detailed in the annual report of the German Federal Office of Information Security, was pulled off after a victim fell for a phishing email. Hackers then pivoted to the …
Darren Pauli, 22 Dec 2014

Nigerian prince swaps the sweet talk for keyloggers and exploits

Nigerian 419 scammers have taken to the crime-as-a-service model using cash to plug their technical capability shortfalls to build malware campaigns that could be making millions, according to FireEye researchers. Erye Hernandez, Daniel Regalado and Nart Villeneuv said that scammers, notorious for their attempts to fleece the …
Darren Pauli, 22 Jul 2015
The Register breaking news

Trojans likely to follow Win 7 activation hack

Trojan attacks are likely in the wake of the Windows 7 product activation system cracks developed last week, less than a month after the release of Microsoft's latest operating system. The RemoveWAT (and the similar ChewWGA) utility allow a prospective Windows 7 user to bypass the Windows Genuine Advantage registration procedure …
John Leyden, 17 Nov 2009

Factory reset memory wipe FAILS in 500 MEELLION Android mobes

Half a billion Android phones could have data recovered and Google accounts compromised thanks to flaws in the default wiping feature, University of Cambridge scientists Laurent Simon and Ross Anderson have claimed. The gaffe apparently allows tokens for Google and Facebook, among others, to be recovered in 80 per cent of cases …
Darren Pauli, 22 May 2015