ThreatFabric | Breaking Cybersecurity News | The Hacker News

SpyNote Strikes Again: Android Spyware Targeting Financial Institutions

Jan 05, 2023 Mobile Security / Surveillance
Financial institutions have been targeted since at least October 2022 by a new version of Android malware called SpyNote that combines both spyware and banking trojan characteristics. "The reason behind this increase is that the developer of the spyware, who was previously selling it to other actors, made the source code public," ThreatFabric said in a report shared with The Hacker News. "This has helped other actors [in] developing and distributing the spyware, often also targeting banking institutions." Some of the notable institutions that are impersonated by the malware include Deutsche Bank, HSBC U.K., Kotak Mahindra Bank, and Nubank. SpyNote (aka SpyMax) is feature-rich and comes with a plethora of capabilities that allow it to install arbitrary apps; gather SMS messages, calls, videos, and audio recordings; track GPS locations; and even hinder efforts to uninstall the app. It also follows the modus operandi of other banking malware by requesting for p

Beware: Cybercriminals Launch New BrasDex Android Trojan Targeting Brazilian Banking Users

Dec 20, 2022 Banking Malware / Mobile Security
The threat actors behind the Windows banking malware known as Casbaneiro have been identified as being behind a novel Android trojan called BrasDex that has been observed targeting Brazilian users as part of an ongoing multi-platform campaign. BrasDex features a "complex keylogging system designed to abuse Accessibility Services to extract credentials specifically from a set of Brazilian targeted apps, as well as a highly capable Automated Transfer System (ATS) engine," ThreatFabric said in a report published last week. The Dutch security firm said that the command-and-control (C2) infrastructure used in conjunction with BrasDex is also being used to control Casbaneiro, which is known to strike banks and cryptocurrency services in Brazil and Mexico. The hybrid Android and Windows malware campaign is estimated to have resulted in thousands of infections to date. BrasDex, which masquerades as a banking app for Banco Santander, is also emblematic of a new trend that in

Researchers Uncover Darknet Service Allowing Hackers to Trojanize Legit Android Apps

Dec 08, 2022 Mobile Security / Android Malware
Researchers have shed light on a new hybrid malware campaign targeting both Android and Windows operating systems in a bid to expand its pool of victims. The attacks entail the use of different malware such as ERMAC, Erbium, Aurora, and Laplas, according to a ThreatFabric report shared with The Hacker News. "This campaign resulted in thousands of victims," the Dutch cybersecurity company said, adding, "Erbium stealer successfully exfiltrated data from more than 1,300 victims." The ERMAC infections commence with a fraudulent website that claims to offer Wi-Fi authorization software for Android and Windows that, when installed, comes with features to steal seed phrases from crypto wallets and other sensitive data. ThreatFabric said it also found a number of malicious apps that were trojanized versions of legitimate apps like Instagram, with the operators using them as droppers to deliver the obfuscated malicious payload. The rogue apps, dubbed Zombin

Hackers Using Vishing to Trick Victims into Installing Android Banking Malware

Oct 12, 2022
Malicious actors are resorting to voice phishing (vishing) tactics to dupe victims into installing Android malware on their devices, new research from ThreatFabric reveals. The Dutch mobile security company said it identified a network of phishing websites targeting Italian online-banking users that are designed to get hold of their contact details. Telephone-oriented attack delivery (TOAD), as the social engineering technique is called, involves calling the victims using previously collected information from the fraudulent websites. The caller, who purports to be a support agent for the bank, instructs the individual on the other end of the call to install a security app and grant it extensive permissions, when, in reality, it's malicious software intended to gain remote access or conduct financial fraud. In this case, it leads to the deployment of an Android malware dubbed Copybara, a mobile trojan that was first detected in November 2021 and is primarily used to perform on-devic

Latest Mobile Malware Report Suggests On-Device Fraud is on the Rise

May 31, 2022
An analysis of the mobile threat landscape in 2022 shows that Spain and Turkey are the most targeted countries for malware campaigns, even as a mix of new and existing banking trojans are increasingly targeting Android devices to conduct on-device fraud (ODF). Other frequently targeted countries include Poland, Australia, the U.S., Germany, the U.K., Italy, France, and Portugal. "The most worrying leitmotif is the increasing attention to On-Device Fraud (ODF)," Dutch cybersecurity company ThreatFabric said in a report shared with The Hacker News. "Just in the first five months of 2022 there has been an increase of more than 40% in malware families that abuse Android OS to perform fraud using the device itself, making it almost impossible to detect them using traditional fraud scoring engines." Hydra, FluBot (aka Cabassous), Cerberus, Octo, and ERMAC accounted for the most active banking trojans based on the number of samples observed during the same