Article / Jun 29, 2018
BackSwap demonstrates unique behavior in its manipulation of user input fields and its handling of International Bank Account Numbers (IBANs).
Article / May 9, 2018
Panda malware is back in full force with three currently active campaigns that extend its targets beyond banking to new industries and organizations worldwide.
Article / Jan 15, 2018 (MODIFIED: Jan 25, 2018)
Ramnit’s latest twist includes targeting the most widely used web services during the holidays: online retailers, entertainment, banking, food delivery, and shipping sites.
Article / Sep 14, 2017 (MODIFIED: Oct 17, 2017)
TrickBot released a new worm module, shifted its focus towards the US, and soared past the one thousand target URLs mark in a single configuration.
Article / Jul 27, 2017 (MODIFIED: Sep 1, 2017)
As TrickBot evolves, we examine version 24, which heavily targets Nordic financial institutions, and we take a close look at the Dyre–TrickBot connection.
Blog / Jun 15, 2017 (MODIFIED: Aug 1, 2017)
TrickBot shows no signs of slowing down as new targets are added and command and control servers hide within web hosting providers’ networks.
Article / Apr 7, 2017 (MODIFIED: Sep 11, 2017)
Marcher targets focused on European, Australian, and Latin American banks, along with PayPal, eBay, Facebook, WhatsApp, Viber, Gmail, and Yahoo—all in the month of March.
Article / Sep 1, 2016 (MODIFIED: Jul 6, 2017)
Attackers use an IBAN swapping technique to exchange a legitimate account number with their own destination mule account number before funds transfers occur.
Blog / May 26, 2016 (MODIFIED: Jul 6, 2017)
Webinject crafting is a separate profession now. Hackers write webinjects and sell them to fraudsters, who use them to weaponize Trojans.