The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: banking Trojan

Beware! This Microsoft PowerPoint Hack Installs Malware Without Requiring Macros

Beware! This Microsoft PowerPoint Hack Installs Malware Without Requiring Macros

June 07, 2017Mohit Kumar
" Disable macros and always be extra careful when you manually enable it while opening Microsoft Office Word documents. " You might have heard of above-mentioned security warning multiple times on the Internet as hackers usually leverage this decade old macros-based hacking technique to hack computers through specially crafted Microsoft Office files, particularly Word, attached to spam emails. But a new social engineering attack has been discovered in the wild, which doesn't require users to enable macros ; instead it executes malware on a targeted system using PowerShell commands embedded inside a PowerPoint (PPT) file. Moreover, the malicious PowerShell code hidden inside the document triggers as soon as the victim moves/hovers a mouse over a link (as shown), which downloads an additional payload on the compromised machine -- even without clicking it. Researchers at Security firm SentinelOne have discovered that a group of hackers is using malicious PowerPoi
Android Trojan Targeting Over 420 Banking Apps Worldwide Found On Google Play Store

Android Trojan Targeting Over 420 Banking Apps Worldwide Found On Google Play Store

April 13, 2017Wang Wei
Do you like watching funny videos online? I am not kind of a funny person, but I love watching funny videos clips online, and this is one of the best things that people can do in their spare time. But, beware if you have installed a funny video app from Google Play Store. A security researcher has discovered a new variant of the infamous Android banking Trojan hiding in apps under different names, such as Funny Videos 2017 , on Google Play Store. Niels Croese, the security researcher at Securify B.V firm, analyzed the Funny Videos app that has 1,000 to 5,000 installs and found that the app acts like any of the regular video applications on Play Store, but in the background, it targets victims from banks around the world. This newly discovered banking Trojan works like any other banking malware, but two things that makes it different from others are — its capability to target victims and use of DexProtector tool to obfuscate the app's code. Dubbed BankBot , the banking
Unpatched Microsoft Word Flaw is Being Used to Spread Dridex Banking Trojan

Unpatched Microsoft Word Flaw is Being Used to Spread Dridex Banking Trojan

April 11, 2017Swati Khandelwal
If you are a regular reader of The Hacker News, you might be aware of an ongoing cyber attack — detected in the wild by McAfee and FireEye — that silently installs malware on fully-patched computers by exploiting an unpatched Microsoft Word vulnerability in all current versions of Microsoft Office. Now, according to security firm Proofpoint, the operators of the Dridex malware started exploiting the unpatched Microsoft Word vulnerability to spread a version of their infamous Dridex banking trojan . Dridex is currently one of the most dangerous banking trojans on the Internet that exhibits the typical behavior of monitoring a victim's traffic to bank sites by infiltrating PCs and stealing victim's online banking credentials and financial data. The Dridex actors usually relied on macro-laden Word files to distribute the malware through spam messages or emails. However, this is the first time when researchers found the Dridex operators using an unpatched zero-day flaw
Russian Hacker Pleads Guilty to Developing and Distributing Citadel Trojan

Russian Hacker Pleads Guilty to Developing and Distributing Citadel Trojan

March 23, 2017Wang Wei
A Russian man accused of developing and distributing the Citadel Banking Trojan , which infected nearly 11 Million computers globally and caused over $500 Million in losses, has finally pleaded guilty to charges of computer fraud. Mark Vartanyan, 29, who was very well known as " Kolypto ," pleaded guilty in an Atlanta courtroom on Monday to charges related to computer fraud and is now co-operating with federal prosecutors in return for a reduced sentence of no more than five years in prison. Vartanyan, a native of Moscow, was arrested in Norway in October 2014 and extradited to the United States in December last year. He was involved in the development, improvement, maintenance and distribution of the nasty Citadel Trojan. "This successful extradition is yet another example of how cooperation among international law enforcement partners can be used to disrupt and dismantle global cyber syndicates," said U.S. Attorney John Horn. "This defendant's
Dridex Banking Trojan Gains ‘AtomBombing’ Code Injection Ability to Evade Detection

Dridex Banking Trojan Gains 'AtomBombing' Code Injection Ability to Evade Detection

March 01, 2017Swati Khandelwal
Security researchers have discovered a new variant of Dridex – one of the most nefarious banking Trojans actively targeting financial sector – with a new, sophisticated code injection technique and evasive capabilities called " AtomBombing ." On Tuesday, Magal Baz, security researcher at Trusteer IBM  disclosed new research, exposing the new Dridex version 4, which is the latest version of the infamous financial Trojan and its new capabilities. Dridex is one of the most well-known Trojans that exhibits the typical behavior of monitoring a victim's traffic to bank sites by infiltrating victim PCs using macros embedded in Microsoft documents or via web injection attacks and then stealing online banking credentials and financial data. However, by including AtomBombing capabilities, Dridex becomes the first ever malware sample to utilize such sophisticated code injection technique to evade detection. What is "AtomBombing" Technique? Code injection te
Source Code for another Android Banking Malware Leaked

Source Code for another Android Banking Malware Leaked

January 23, 2017Swati Khandelwal
Another bad news for Android users — Source code for another Android banking malware has been leaked online via an underground hacking forum. This newly discovered banking Trojan is designed to steal money from bank accounts of Android devices' owners by gaining administrator privileges on their smartphones. Apparently, it will attract the attention of many cyber criminals who can recompile the source code or can also use it to develop more customized and advanced variants of Android banking Trojans. According to security researchers from Russian antivirus maker Dr. Web, the malware's source code was posted online, along with the information on how to use it, meaning Android devices are most likely to receive an increasing number of cyber attacks in upcoming days. Leaked: Trojan Source Code + 'How to Use' Instructions Dr. Web researchers said they have already discovered one banking trojan in the wild developed using this leaked source code, adding that th
Over 300,000 Android Devices Hacked Using Chrome Browser Vulnerability

Over 300,000 Android Devices Hacked Using Chrome Browser Vulnerability

November 09, 2016Wang Wei
A vulnerability in Chrome for Android is actively being exploited in the wild that allows hackers to quietly download banking trojan apps (.apk) onto victim's' device without their confirmation. You might have encountered a pop-up advertisement that appears out of nowhere and surprise you that your mobile device has been infected with a dangerous virus and instructs you to install a security app to remove it immediately. This malicious advertising web page automatically downloads an Android app installation (.apk) file to your device without requiring any approval. Citing malware threats on your mobile device, attackers trick you to change your device's settings to allow installation of the third-party apps from stores other than Google Play Store and install the banking trojan app on your device. Kaspersky researchers Mikhail Kuzin and Nikita Buchka discovered one such widespread malicious advertising campaign across Russian news sites and popular websites. Since
Russia arrests 50 hackers who stole $25 million from Banks

Russia arrests 50 hackers who stole $25 million from Banks

June 03, 2016Mohit Kumar
Russian authorities have arrested a gang of 50 hackers suspected of stealing more than 1.7 Billion Rubles ( over US$25 Million ) from banks and other financial institutions in the country since 2011. The same criminal gang had tried to steal a further 2.273 Billion Roubles by issuing false payment instructions, but that were blocked. The group allegedly used a Trojan called " Lurk " to set up a network of bots on infected computers to carry out the attacks, according to Russia's FSB ( Federal Security Service ). Initially identified in 2012, Lurk is a "fileless" Trojan that runs in RAM and has mostly been used for collecting banking credentials, especially for banks in Eastern Europe and the Russian Federation. The criminal gang allegedly seeded some of Russia's most popular websites with Lurk. Once infected, the malware downloaded more software modules, allowing the hackers to gain remote access to victims' computers. The hackers then stole
Creators of  SpyEye Virus Sentenced to 24 Years in Prison

Creators of SpyEye Virus Sentenced to 24 Years in Prison

April 21, 2016Swati Khandelwal
In Brief Two International hackers, Aleksandr Andreevich Panin and Hamza Bendelladj, have been sentenced to a combined 24 years and 6 months in prison for their roles in developing and distributing SpyEye banking trojan, a powerful botnet similar to the infamous ZeuS malware. Both hackers were charged with stealing hundreds of millions of dollars from banking institutions worldwide. Masterminds behind the development and distribution of the infamous " SpyEye " botnet have finally been sentenced to a combined total of 24 years and 6 months in prison. Aleksandr Andreevich Panin and Hamza Bendelladj have been sentenced for their roles in developing and distributing SpyEye malware that is said to have caused hundreds of millions of dollars in losses to the financial sector, the U.S. Justice Department said  on Wednesday. SpyEye, a successor to the notorious Zeus banking malware , has affected financial institutions since 2009. Once infected, the malware connects t
Russian Hackers Manipulate Ruble-Dollar Exchange Rate with Malware

Russian Hackers Manipulate Ruble-Dollar Exchange Rate with Malware

February 09, 2016Unknown
Russian Group of Hackers reportedly cracked into the Kazan-based Energobank and messed up with the Ruble-Dollar exchange rates. In Feb 2015, a hacking group, known by the name METEL , successfully breached into the Russian Regional Bank for just 14 minutes and caused the exchange rate to fluctuate between 55 and 66 rubles per dollar, which finally resulted in the increment of Ruble's value. Here's how they did it: According to Russian security firm, Group-IB, who investigated the incident, the Metel Hacking group infected Kazan-based Energobank with a virus known as the Corkow Trojan and placed more than $500 million in orders at non-market rates. " This is the first documented attack using this virus, and it has the potential to do much more damage ," Dmitry Volkov, the head of Group-IB's cyber intelligence department, told Bloomberg . The hackers had taken the advantage of Spear Phishing Technique, which appears to come from a legit source. A single click
Hackers behind Dyre Malware Busted in Police Raid

Hackers behind Dyre Malware Busted in Police Raid

February 08, 2016Swati Khandelwal
The world's most notorious financial hacking operation disrupted by Russian authorities in November, when they raided the offices associated with a Moscow-based film and production company named 25th Floor . According to the Russian authorities, 25th Floor was allegedly involved in distributing the notorious password-stealing malware known as Dyre Banking Trojan . Malware Costs Hundreds of $$$ Millions in Losses The Dyre banking Trojan was typically distributed via spam campaigns and was responsible for over hundreds of millions of dollars in losses at banking and financial institutions, including Bank of America Corp, PayPal, and JPMorgan Chase & Co. Dyre , also known as Dyreza , first appeared in July 2014 and updated to target Windows 10 systems and its newest Edge browser. However, Dyre has not been in use since the November raid, according to cyber security experts, who said the raid represents Russia's biggest effort up to date in cracking down
Someone Hijacks Botnet Network & Replaces Malware with an Antivirus

Someone Hijacks Botnet Network & Replaces Malware with an Antivirus

February 05, 2016Mohit Kumar
The Dridex banking trojan that is widely being used by cyber criminals to distribute malware onto users' machines has now been found distributing a security software. A portion of the Dridex banking Trojan botnet may have been hacked or compromised by an unknown Whitehat Hacker, who replaced the malicious links with  Avira Antivirus  installers. What is Dridex Banking Trojan? How it Works? Dridex malware – also known as Bugat and Cridex – is believed to have been created by cyber criminals in Eastern Europe in an effort to harvest online banking details. Even after a high-profile takedown operation in late 2015, the Dridex botnet seems to be active again. The Dridex virus typically distributes itself through spam messages or emails that include malicious attachments, most often a Microsoft Office file or Word document integrated with malicious macros. Once the malicious file has been clicked, the macros download and install the main payload of the virus – th
This 20-year-old Student Has Written 100 Malware Programs in Two Years

This 20-year-old Student Has Written 100 Malware Programs in Two Years

July 04, 2015Swati Khandelwal
Security firm Trend Micro has identified a 20-year-old Brazilian college student responsible for developing and distributing over 100 Banking Trojans selling each for around US$300 . Known online as ' Lordfenix ', ' Hacker's Son ' and ' Filho de Hacker ', the computer science student first began his career by posting in forums, asking for programming help for a Trojan he was developing, researchers said. Developed More than 100 Trojans However, Lordfenix has "grown quite confident in his skills" and began developing and distributing malware tailored to pilfer financial information since at least 2013. "Based on our research, Lordfenix has created more than 100 different banking Trojans , not including his other malicious tools, since April 2013," Trend Micro says . "With each Trojan costing around R$1,000 (roughly $320), this young cybercriminal channeled his talent in programming into a lucrative, illegal venture." Trend Mi
Europol Arrests Gang Behind Zeus And SpyEye Banking Malware

Europol Arrests Gang Behind Zeus And SpyEye Banking Malware

June 26, 2015Swati Khandelwal
The Law enforcement agencies from six different European countries have taken down a major Ukrainian-based cyber criminals gang suspected of developing, distributing and deploying Zeus and SpyEye banking malware . According to the report on the official website of Europol, authorities have arrested five suspects between June 18 and 19. All the five suspects are the members of an alleged gang that has been accused of infecting tens of thousands of computers worldwide with malware and banking Trojans. The alleged cybercriminal group distributed and used Zeus and SpyEye malware to steal money from several major banks in Europe and outside. The gang constantly modified its malware Trojans to defeat the security protocols of banks and used " mule networks " to launder money. "On the underground digital forums, they actively traded stolen credentials, compromised bank account information and malware," Europol said in a statement on Thursday, "
Europol Takes Down RAMNIT Botnet that Infected 3.2 Million Computers

Europol Takes Down RAMNIT Botnet that Infected 3.2 Million Computers

February 25, 2015Mohit Kumar
It seems like the world has declared war against the Cyber Criminals. In a recent update, we reported that FBI is offering $3 Million in Reward for the arrest of GameOver Zeus botnet mastermind, and meanwhile British cyber-police has taken down widely-spread RAMNIT botnet . The National Crime Agency (NCA) in a joint operation with Europol's European Cybercrime Centre (EC3) and law enforcement agencies from Germany, Italy, the Netherlands, and the United Kingdom has taken down the Ramnit "botnet", which has infected over 3.2 million computers worldwide, including 33,000 in the UK. Alike GameOver Zeus, RAMNIT is also a ' botnet ' - a network of zombie computers which operate under criminal control for malicious purposes like spreading viruses, sending out spam containing malicious links, and carrying out distributed denial of service attacks (DDoS) in order to bring down target websites. RAMNIT believes to spread malware via trustworthy links se
Hackers Stole $300 Million from 100 Banks Using Malware

Hackers Stole $300 Million from 100 Banks Using Malware

February 15, 2015Wang Wei
Despite increased online and mobile banking security, banks are more often being targeted by hackers. A hacker group has infiltrated a number of banks and financial institutions in several countries, stealing hundreds of Millions of dollars in possibly the biggest bank heist the world has ever seen. According to a report published by the New York Times on Saturday, hackers have stolen as much as $1 Billion from more than 100 banks and other financial companies in almost 30 nations, making it " the most sophisticated attack the world has seen to date. " In late 2013 , banks in Russia, Japan, Europe, the United States and other countries fell victim to a massive, sophisticated malware hack that allowed the hackers to spy on bank officials in order to mimic their behavior, according to an upcoming report by Kaspersky Labs received by the NY Times. CARBANAK BANKING MALWARE IN THE WILD In order to infect bank staffs, the hacker group sent malicious emails to hun
Beware of Fake 'WhatsApp Web' Spreading Banking Trojan

Beware of Fake 'WhatsApp Web' Spreading Banking Trojan

February 07, 2015Swati Khandelwal
Cybercriminals are known to take advantage of everything that captures public attention in order to spread malware, and the recently launched web client of the most popular WhatsApp messaging application seems to be their next target. Last month, the messaging giant WhatsApp, with 700 million users worldwide, finally launched its web client to the public. The feature is called " WhatsApp Web ," which gives its users the ability to read and send messages directly from their web browsers. FAKE WHATSAPP WEB SPREADING BANKING TROJANS However, malicious hackers have taken the advantage of the latest WhatsApp Web and have started fooling users all over the world with fake downloads masquerading as a desktop variant of the WhatsApp mobile application. Security researchers at Kaspersky Labs have spotted a seemingly genuine WhatsApp Web for Windows in spam campaign available for fake download that actually spreads financial malware Trojans to the systems worldwide.
New Variant of Emotet Banking Malware targets German Users

New Variant of Emotet Banking Malware targets German Users

January 07, 2015Swati Khandelwal
A new Spam email campaign making the rounds in Germany are delivering a new variant of a powerful banking malware , a financial threat designed to steal users' online banking credentials, according to security researchers from Microsoft. The malware, identified as Emotet , was first spotted last June by security vendors at Trend Micro. The most standout features of Emotet is its network sniffing ability , which enables it to capture data sent over secured HTTPS connections by hooking into eight network APIs, according to Trend Micro. Microsoft has been monitoring a new variant of Emotet banking malware , Trojan:Win32/Emotet.C , since November last year. This new variant was sent out as part of a spam email campaign that peaked in November. Emotet has been distributed through spam messages, which either contain a link to a website hosting the malware or a PDF document icon that is actually the malware. HeungSoo Kang of Microsoft's Malware Protection Center identifi
Beware: Fake 'The Interview' App Affects Android Users

Beware: Fake 'The Interview' App Affects Android Users

December 28, 2014Swati Khandelwal
" The Interview ", the controversial North Korean-baiting film which appeared to be the root cause of the cyber mishap occurred at Sony Pictures Entertainment that threatened terror attack at theaters showing the movie, now threatens to expose users of Android phones to a malware attack. Since its release, everyone is talking about "The Interview" — the Seth Rogen and James Franco-starring comedy centered around a TV host and his producer assassinating North Korean dictator Kim Jong Un. Because cybercriminals are known to take advantage of major events where there is a high level of public interest, The Interview became their target. In a joint investigation, Security researchers of McAfee and Technische Universität Darmstadt and the Center for Advanced Security Research Darmstadt (CASED) has discovered an Android app claiming to download 'The Interview' comedy on their smartphone devices actually infects users' devices with banking trojan in
'Tinba' Banking Malware Source Code Leaked Online

'Tinba' Banking Malware Source Code Leaked Online

July 12, 2014Mohit Kumar
The source code for the smallest but sophisticated banking Trojan Tinba has been leaked through an online post in an underground forum, which make it available for anyone who knows where to look for free malware generation tools. The files posted on the closed russian underground forum turned out to be the source code of Tinba version1 , which was discovered around mid-2012 and they say it is the original, privately sold version of the crimeware kit that infected thousands of computers in Turkey. Tinba , also known as Zusy, is a tiny but deadly banking Trojan that comprises just 20 Kilobytes of code that gives it ability to slip past detection by some antivirus engines and uses a number of well-word man-in-the-browser tricks in an attempt to defeat two-factor authentication. It infects systems without any advanced encryption or packing and has capability to hook into browsers and steal login data and sniff on network traffic. Last week, researchers at CSIS in Denmark
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.