Article / Jun 29, 2018
BackSwap demonstrates unique behavior in its manipulation of user input fields and its handling of International Bank Account Numbers (IBANs).
Article / May 9, 2018
Panda malware is back in full force with three currently active campaigns that extend its targets beyond banking to new industries and organizations worldwide.
Article / Jan 15, 2018 (MODIFIED: Jan 25, 2018)
Ramnit’s latest twist includes targeting the most widely used web services during the holidays: online retailers, entertainment, banking, food delivery, and shipping sites.
Article / Sep 14, 2017 (MODIFIED: Oct 17, 2017)
TrickBot released a new worm module, shifted its focus towards the US, and soared past the one thousand target URLs mark in a single configuration.
Article / Jul 27, 2017 (MODIFIED: Sep 1, 2017)
As TrickBot evolves, we examine version 24, which heavily targets Nordic financial institutions, and we take a close look at the Dyre–TrickBot connection.
Blog / Jun 27, 2017 (MODIFIED: Aug 9, 2017)
Recent NSA, CIA leaks expose advanced techniques for building automated malware factories that create SambaCry-like threats that deploy over untraceable networks.
Blog / Jun 15, 2017 (MODIFIED: Aug 1, 2017)
TrickBot shows no signs of slowing down as new targets are added and command and control servers hide within web hosting providers’ networks.
Article / Apr 7, 2017 (MODIFIED: Sep 11, 2017)
Marcher targets focused on European, Australian, and Latin American banks, along with PayPal, eBay, Facebook, WhatsApp, Viber, Gmail, and Yahoo—all in the month of March.
Blog / Dec 1, 2016 (MODIFIED: Jul 6, 2017)
TrickBot, the latest arrival to the banking malware scene and successor to the infamous Dyre botnet, is in constant flux.
Article / Sep 1, 2016 (MODIFIED: Jul 6, 2017)
Attackers use an IBAN swapping technique to exchange a legitimate account number with their own destination mule account number before funds transfers occur.
Blog / May 26, 2016 (MODIFIED: Jul 6, 2017)
Webinject crafting is a separate profession now. Hackers write webinjects and sell them to fraudsters, who use them to weaponize Trojans.
Article / Feb 25, 2016 (MODIFIED: Jul 6, 2017)
Like many other financial Trojans, the notorious Dridex malware keeps evolving and strengthening its presence.
Blog / Nov 11, 2015 (MODIFIED: Jul 6, 2017)
Dyre malware is a well-known threat that keeps security pros on their toes due in part to the frequent changes the authors incorporate.
Article / Jun 24, 2015 (MODIFIED: Jul 6, 2017)
Slave is financial malware written in Visual Basic. Since 2015 it has evolved from relatively simple IBAN swapping.
Article / Apr 12, 2015 (MODIFIED: Jul 6, 2017)
Dyre is one of the most sophisticated banking malware agents in the wild.
Article / Oct 15, 2014 (MODIFIED: Jul 6, 2017)
Tinba, also known as "Tinybanker", "Zusy" and "HµNT€R$", is a banking Trojan.