Contributor Doron Voolf

BackSwap Defrauds Online Banking Customers Using Hidden Input Fields

Article / Jun 29, 2018

By Ruby Cohen, Doron Voolf

BackSwap demonstrates unique behavior in its manipulation of user input fields and its handling of International Bank Account Numbers (IBANs).

Panda Malware Broadens Targets to Cryptocurrency Exchanges and Social Media

Article / May 9, 2018

By Doron Voolf

Panda malware is back in full force with three currently active campaigns that extend its targets beyond banking to new industries and organizations worldwide.

Ramnit Goes on a Holiday Shopping Spree, Targeting Retailers and Banks

Article / Jan 15, 2018 (MODIFIED: Jan 25, 2018)

By Doron Voolf

Ramnit’s latest twist includes targeting the most widely used web services during the holidays: online retailers, entertainment, banking, food delivery, and shipping sites.

Trickbot Rapidly Expands its Targets in August, Shifting Focus to US Banks and Credit Card Companies

Article / Sep 14, 2017 (MODIFIED: Oct 17, 2017)

By Sara Boddy, Jesse Smith, Doron Voolf

TrickBot released a new worm module, shifted its focus towards the US, and soared past the one thousand target URLs mark in a single configuration.

Trickbot Focuses on Wealth Management Services from its Dyre Core

Article / Jul 27, 2017 (MODIFIED: Sep 1, 2017)

By Doron Voolf, Sara Boddy, Jesse Smith

As TrickBot evolves, we examine version 24, which heavily targets Nordic financial institutions, and we take a close look at the Dyre–TrickBot connection.

Trickbot Expands Global Targets Beyond Banks and Payment Processors to CRMs

Blog / Jun 15, 2017 (MODIFIED: Aug 1, 2017)

By Sara Boddy, Jesse Smith, Doron Voolf

TrickBot shows no signs of slowing down as new targets are added and command and control servers hide within web hosting providers’ networks.

Marcher Gets Close to Users by Targeting Mobile Banking, Android Apps, Social Media, and Email

Article / Apr 7, 2017 (MODIFIED: Sep 11, 2017)

By Doron Voolf

Marcher targets focused on European, Australian, and Latin American banks, along with PayPal, eBay, Facebook, WhatsApp, Viber, Gmail, and Yahoo—all in the month of March.

Malware Targeting Bank Accounts Has a Swapping Pattern

Article / Sep 1, 2016 (MODIFIED: Jul 6, 2017)

By Doron Voolf, Elman Reyes

Attackers use an IBAN swapping technique to exchange a legitimate account number with their own destination mule account number before funds transfers occur.

Webinject Crafting Goes Professional: Gozi Sharing Tinba Webinjects

Blog / May 26, 2016 (MODIFIED: Jul 6, 2017)

By Doron Voolf

Webinject crafting is a separate profession now. Hackers write webinjects and sell them to fraudsters, who use them to weaponize Trojans.

Dridex Update: Moving to US Financials with VNC

Article / Apr 26, 2016 (MODIFIED: Jul 6, 2017)

By Doron Voolf

Ongoing campaign analysis has revealed that Dridex malware's latest focus has strongly shifted in recent months to US banks.
