#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

banking Trojan | Breaking Cybersecurity News | The Hacker News

'Tinba' Banking Malware Source Code Leaked Online

'Tinba' Banking Malware Source Code Leaked Online

Jul 12, 2014
The source code for the smallest but sophisticated banking Trojan Tinba has been leaked through an online post in an underground forum, which make it available for anyone who knows where to look for free malware generation tools. The files posted on the closed russian underground forum turned out to be the source code of Tinba version1 , which was discovered around mid-2012 and they say it is the original, privately sold version of the crimeware kit that infected thousands of computers in Turkey. Tinba , also known as Zusy, is a tiny but deadly banking Trojan that comprises just 20 Kilobytes of code that gives it ability to slip past detection by some antivirus engines and uses a number of well-word man-in-the-browser tricks in an attempt to defeat two-factor authentication. It infects systems without any advanced encryption or packing and has capability to hook into browsers and steal login data and sniff on network traffic. Last week, researchers at CSIS in Denmark
New Banking Malware with Network Sniffer Spreading Rapidly Worldwide

New Banking Malware with Network Sniffer Spreading Rapidly Worldwide

Jun 28, 2014
The hike in the banking malware this year is no doubt almost double compared to the previous one, and so in the techniques of malware authors. Until now, we have seen banking Trojans affecting devices and steal users' financial credentials in order to run them out of their money. But nowadays, malware authors are adopting more sophisticated techniques in an effort to target as many victims as possible. BANKING MALWARE WITH NETWORK SNIFFING Security researchers from the Anti-virus firm Trend Micro have discovered a new variant of banking malware that not only steals users' information from the device it has infected but, has ability to " sniff " network activity in an effort to compromise the devices of same network users as well. The banking malware, dubbed as EMOTET spreads rapidly through spammed emails that masquerade itself as a bank transfers and shipping invoices. The spammed email comes along with an attached link that users easily click, considering that t
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Fake WeChat App Targeting Android Users with Banking Trojan

Fake WeChat App Targeting Android Users with Banking Trojan

May 29, 2014
After Whatsapp, The Chinese WeChat is the second most popular messaging application and currently being targeted by cybercriminals to spread a new Banking Trojan in order to steal the financial information from its users. WeChat is a famous mobile instant messaging app developed by Chinese company Tencent, with more than 355 million users across the world. The app offers people to chit-chat with their friends and relatives, and also allows users to make payments for goods and services on WeChat. The Payment feature of the app requires users' bank account details to their messenger account and this is what tempting cybercriminals to develop new and more sophisticated banking Trojans and malwares. The security researchers at Kaspersky Lab have uncovered such banking Trojan, dubbed as Banker.AndroidOS.Basti.a, which looks exactly like the legitimate WeChat application for Android devices. While installation, it also requires the same permissions such as to access the Int
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
iBanking Android Malware targeting Facebook Users with Web Injection techniques

iBanking Android Malware targeting Facebook Users with Web Injection techniques

Apr 16, 2014
iBanking is nothing but a mobile banking Trojan app which impersonates itself as a so-called ' Security App ' for Android devices and distributed through HTML injection attacks on banking sites, in order to deceive its victims. Recently, its source code has been leaked online through an underground forum that gave the opportunities to a larger number of cyber criminals to launch attacks using this kind of ready-made mobile malware. The malicious iBanking app installed on victims' phone has capabilities to spy on user's communications. The bot allows an attacker to spoof SMS, redirect calls to any pre-defined phone number, capture audio using the device's microphone and steal other confidential data like call history log and the phone book contacts. According to new report from ESET security researchers, now this iBanking Trojan ( Android/Spy.Agent.AF ) is targeting Facebook users by tricking them to download a malware application. The malware uses
Beware of Zeus Banking Trojan Signed With Valid Digital Signature

Beware of Zeus Banking Trojan Signed With Valid Digital Signature

Apr 06, 2014
A new dangerous variant of ZeuS Banking Trojan has been identified by Comodo AV labs which is signed by stolen Digital Certificate which belongs to Microsoft Developer to avoid detection from Web browsers and anti-virus systems. Every Windows PC in the world is set to accept software " signed " with Microsoft's digital certificates of authenticity, an extremely sensitive cryptography seal. Cyber Criminals somehow managed to hack valid Microsoft digital certificate, used it to trick users and admins into trusting the file. Since the executable is digitally signed by the Microsoft developer no antivirus tool could find it as malicious. Digitally signed malware received a lot of media attention last year. Reportedly, more than 200,000 unique malware binaries were discovered in past two years signed with valid digital signatures. A Comodo User submitted a sample of the malicious software that attempts to trick user by masquerading itself as file of Intern
Tilon/SpyEye2 Banking Trojan Usage Declining after SpyEye Author Arrest

Tilon/SpyEye2 Banking Trojan Usage Declining after SpyEye Author Arrest

Feb 27, 2014
Today, when we come across various malware, exploit kits and botnets that are in the wild, we think about an effective Antivirus solution or a Security Patch, but the most effective solution is always " The arrest of malware authors and culprits who are involved in the development of Malware. " Tilon has been an active malware family that was spotted first time in 2012, was specially designed to filch money from online bank accounts, that earlier various researchers found to be the new version of Silon , is none other than the SpyEye2 banking Trojan , according to researchers at security firm  Delft Fox-IT . Tilon  a.k.a  SpyEye2 is the sophisticated version of SpyEye Trojan . Majority functional part of the malware is same as of the SpyEye banking Trojan that was developed by a 24-year-old Russian hacker ' Aleksandr Andreevich Panin ' or also known as  Gribodemon , who was arrested in July 2013. ' SpyEye ', infected more than 1.4 million Computers
Android iBanking Trojan Source Code Leaked Online

Android iBanking Trojan Source Code Leaked Online

Feb 22, 2014
Smartphone  is the need of everyone today and so the first target of most of the Cyber Criminals . Malware authors are getting to know their market and are changing their way of operations. Since last year we have seen a rise in the number of hackers moving from the Blackhat into the Greyhat. The Head of knowledge delivery and business development for  RSA's FraudAction Group ,  Daniel Cohen  warned users about the new threat via a company  blog  on Thursday, that explains everything about the malware app, called  iBanking . iBanking , a new mobile banking  Trojan app which impersonates itself as an Android ' Security App ', in order to deceive its victims, may intimidate a large number of users as now that its source code has been leaked online through an underground forum. It will give an opportunity to a larger number of cybercriminals to launch attacks using this kind of ready-made mobile malware in the future. Since many banking sites use  two-fac
First Ever Windows Malware that can hack your Android Mobile

First Ever Windows Malware that can hack your Android Mobile

Jan 24, 2014
Hey Android users! I am quite sure that you must be syncing your Smartphone with your PCs for transferring files and generating backup of your device.  If your system is running a windows operating system, then it's a bad news for you. Researchers have discovered a new piece of windows malware that attempts to install mobile banking malware on Android devices while syncing. Last year in the month of February, Kaspersky Lab revealed an Android malware that could infect your computer when connected to Smartphone or tablets.   Recently, Researchers at Symantec antivirus firm discovered another interesting windows malware called ' Trojan . Droidpak ', that drops a malicious DLL in the computer system and then downloads a configuration file from the following remote server: https://xia2.dy[REMOVED]s-web.com/iconfig.txt The Windows Trojan then parses this configuration file and download a malicious APK (an Android application) from the following location on the
Cybersecurity Resources