Article / Jul 16, 2018
Threat actors continue to find creative yet relatively unsophisticated ways to launch new campaigns to reap profits from crypto-mining operations.
Article / Jun 29, 2018
BackSwap demonstrates unique behavior in its manipulation of user input fields and its handling of International Bank Account Numbers (IBANs).
Article / Jun 23, 2018
Attackers continue to find new and creative ways to carry out malicious crypto-mining operations, employing multiple exploits in a single campaign.
Article / Jun 21, 2018
With the vast availability of new exploits and the competition for victims’ resources, the multi-exploit trend continues to be popular among attackers.
Article / Apr 12, 2018
Attackers are targeting a Windows IIS vulnerability first disclosed a year ago to mine Electroneum.
Article / Apr 6, 2018
The latest DDoS trends include the return of large volumetric DDoS attacks, the rise of application-targeted attacks, and the growing targeting of businesses in Europe and Asia.
Byline / Apr 3, 2018
People are mining coins all over the place; all it costs is money for the power bill. So, of course, clever people are figuring out how to use other people’s power to mine cryptocurrency.
Article / Mar 28, 2018
The Apache Struts 2 Jakarta Multipart Parser RCE crypto-mining campaign is now targeting Windows, not just Linux systems.
Article / Feb 28, 2018
A previously undisclosed misconfiguration vulnerability in the rTorrent client is being exploited in the wild to mine Monero.
Blog / Feb 21, 2018
The drop zone server used earlier to mine Monero on compromised Jenkins automation servers is now being used in a new campaign targeting Oracle WebLogic servers.
Article / Jan 15, 2018 (MODIFIED: Jan 25, 2018)
Ramnit’s latest twist includes targeting the most widely used web services during the holidays: online retailers, entertainment, banking, food delivery, and shipping sites.
Blog / Jan 10, 2018 (MODIFIED: Jan 15, 2018)
Every week, another bug, vulnerability, or exploit is released—we need a multi-layered security strategy to deal with threats like Spectre and Meltdown.
Article / Sep 14, 2017 (MODIFIED: Oct 17, 2017)
TrickBot released a new worm module, shifted its focus towards the US, and soared past the one thousand target URLs mark in a single configuration.
Article / Jul 27, 2017 (MODIFIED: Sep 1, 2017)
As TrickBot evolves, we examine version 24, which heavily targets Nordic financial institutions, and we take a close look at the Dyre–TrickBot connection.
Blog / Jun 15, 2017 (MODIFIED: Aug 1, 2017)
TrickBot shows no signs of slowing down as new targets are added and command and control servers hide within web hosting providers’ networks.
Article / Apr 7, 2017 (MODIFIED: Sep 11, 2017)
Marcher targets focused on European, Australian, and Latin American banks, along with PayPal, eBay, Facebook, WhatsApp, Viber, Gmail, and Yahoo—all in the month of March.
Blog / Dec 1, 2016 (MODIFIED: Jul 6, 2017)
TrickBot, the latest arrival to the banking malware scene and successor to the infamous Dyre botnet, is in constant flux.
Article / Sep 1, 2016 (MODIFIED: Jul 6, 2017)
Attackers use an IBAN swapping technique to exchange a legitimate account number with their own destination mule account number before funds transfers occur.
Blog / May 26, 2016 (MODIFIED: Jul 6, 2017)
Webinject crafting is a separate profession now. Hackers write webinjects and sell them to fraudsters, who use them to weaponize Trojans.
Article / Feb 25, 2016 (MODIFIED: Jul 6, 2017)
Like many other financial Trojans, the notorious Dridex malware keeps evolving and strengthening its presence.
Article / Dec 14, 2015 (MODIFIED: Jul 6, 2017)
Standard mobile banking trojans post their own fraudulent content over banking applications. Yasuo-Bot goes further.
Blog / Nov 11, 2015 (MODIFIED: Jul 6, 2017)
Dyre malware is a well-known threat that keeps security pros on their toes due in part to the frequent changes the authors incorporate.