banking malware | Breaking Cybersecurity News | The Hacker News

While some payment card companies like Mastercard have switched to selfies as an alternative to passwords when verifying IDs for online payments, hackers have already started taking advantage of this new security verification methods. Researchers have discovered a new Android banking Trojan that masquerades primarily as a video plugin, like Adobe Flash Player, pornographic app, or video codec, and asks victims to send a selfie holding their ID card, according to a blog post published by McAfee. The Trojan is the most recent version of Acecard that has been labeled as one of the most dangerous Android banking Trojans known today, according to Kaspersky Lab Anti-malware Research Team. Once successfully installed, the trojan asks users for a number of device's permissions to execute the malicious code and then waits for victims to open apps, specifically those where it would make sense to request payment card information. Acecard Steals your Payment Card and Real ID det

A Russian man who spent about 3 years behind bars in the United States has been spared further prison time but ordered to pay $7 Million to cover damages he caused to banks using a vicious computer virus. Nikita Vladimirovich Kuzmin was arrested in 2010 and imprisoned in August 2011 for developing a sophisticated computer malware called Gozi and infecting more than 1 million computers worldwide, causing tens of millions of dollars in losses. Kuzmin was sentenced Monday to the 37 months he has already served in custody, and ordered to pay $6,934,979 that authorities have identified as the damages experienced by two major Banks, one located in the U.S. and the other in Europe, Department of Justice says . Kuzmin received a lighter sentence due to his "substantial assistance" in the investigation that resulted in the conviction of Latvian national Deniss Calovskis as well as the arrest of Romanian Mihai Ionut Paunescu, who is awaiting extradition to the United States.

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Tanvir Hassan Zoha , a 34-year-old security researcher, who spoke to media on the $81 Million Bangladesh Bank cyber theft , has gone missing since Wednesday night, just days after accusing Bangladesh's central bank officials of negligence. Zoha was investigating a recent cyber attack on Bangladesh's central bank that let hackers stole $81 Million from the banks' Federal Reserve bank account. Though the hackers tried to steal $1 Billion from the bank, a simple typo prevented the full heist. During his investigation, Zoha believed the Hackers, who are still unknown, had installed Malware on the bank's computer systems few weeks before the heist that allowed them to obtain credentials needed for payment transfers. With the help of those credentials, the unknown hackers transferred large sums from Bangladesh's United States account to fraudulent accounts based in the Philippines and Sri Lanka. However, at the same time, Zoha accused senior offic

The recent cyber attack on Bangladesh's central bank that let hackers stole over $80 Million from the institutes' Federal Reserve bank account was reportedly caused due to the Malware installed on the Bank's computer systems. Few days ago, reports emerged of a group of unknown hackers that broke into Bangladesh's central bank, obtained credentials needed for payment transfers from Federal Reserve Bank of New York and then transferred large sums to fraudulent accounts based in the Philippines and Sri Lanka. The criminal group was able to steal a total value of about $81 Million from the Federal Reserve's Bangladesh account through a series of fraudulent transactions, but a typo in some transaction prevented a further $850 Million Heist . However, the question was still there: How the Hackers managed to transfer $80 Million without leaving any Trace? Security researchers from FireEye's Mandiant forensics are helping the Dhaka investigat

The source code of a recently discovered Android banking Trojan that has the capability to gain administrator access on your smartphone and completely erase your phone's storage has been LEAKED online. The banking Trojan family is known by several names; Security researchers from FireEye dubbed it SlemBunk, Symantec dubbed it Bankosy, and last week when Heimdal Security uncovered it, they dubbed it MazarBot . All the above wave of Android banking Trojans originated from a common threat family, dubbed GM Bot, which IBM has been tracking since 2014. GM Bot emerged on the Russian cybercrime underground forums, sold for $500 / €450, but it appears someone who bought the code leaked it on a forum in December 2015, the IBM X-Force team reported. What is GM Bot and Why Should You Worry about it? The recent version of GM Bot ( dubbed MazarBOT ) has the capability to display phishing pages on the top of mobile banking applications in an effort to trick Android users

The world's most notorious financial hacking operation disrupted by Russian authorities in November, when they raided the offices associated with a Moscow-based film and production company named 25th Floor . According to the Russian authorities, 25th Floor was allegedly involved in distributing the notorious password-stealing malware known as Dyre Banking Trojan . Malware Costs Hundreds of $$$ Millions in Losses The Dyre banking Trojan was typically distributed via spam campaigns and was responsible for over hundreds of millions of dollars in losses at banking and financial institutions, including Bank of America Corp, PayPal, and JPMorgan Chase & Co. Dyre , also known as Dyreza , first appeared in July 2014 and updated to target Windows 10 systems and its newest Edge browser. However, Dyre has not been in use since the November raid, according to cyber security experts, who said the raid represents Russia's biggest effort up to date in cracking down

The Dridex banking trojan that is widely being used by cyber criminals to distribute malware onto users' machines has now been found distributing a security software. A portion of the Dridex banking Trojan botnet may have been hacked or compromised by an unknown Whitehat Hacker, who replaced the malicious links with  Avira Antivirus  installers. What is Dridex Banking Trojan? How it Works? Dridex malware – also known as Bugat and Cridex – is believed to have been created by cyber criminals in Eastern Europe in an effort to harvest online banking details. Even after a high-profile takedown operation in late 2015, the Dridex botnet seems to be active again. The Dridex virus typically distributes itself through spam messages or emails that include malicious attachments, most often a Microsoft Office file or Word document integrated with malicious macros. Once the malicious file has been clicked, the macros download and install the main payload of the virus – th

Another day, another stunning Malware – this time targeting banks, payment card processors, and other financial services. Security researchers have uncovered a sophisticated payment card malware that executes before the operating system boots, making the malware very difficult to detect and much less remove. The malware in question is part of " Nemesis " – a malware suite that includes all software programs for capturing screens, transferring files, injecting processes, logging keystrokes, and carrying out other malicious activities on the infected computers. Nemesis malware family has been seen in the past, targeting banks, ATMs, financial transaction processing, credit unions, and financial business service companies. Nemesis Bootkit Malware – Reappears even after Re-installation of the OS The malware with bootkit functionality has been in operation since early this year and has the ability to modify the legitimate VBR ( Volume Boot Record ) that ma

Security firm Trend Micro has identified a 20-year-old Brazilian college student responsible for developing and distributing over 100 Banking Trojans selling each for around US$300 . Known online as ' Lordfenix ', ' Hacker's Son ' and ' Filho de Hacker ', the computer science student first began his career by posting in forums, asking for programming help for a Trojan he was developing, researchers said. Developed More than 100 Trojans However, Lordfenix has "grown quite confident in his skills" and began developing and distributing malware tailored to pilfer financial information since at least 2013. "Based on our research, Lordfenix has created more than 100 different banking Trojans , not including his other malicious tools, since April 2013," Trend Micro says . "With each Trojan costing around R$1,000 (roughly $320), this young cybercriminal channeled his talent in programming into a lucrative, illegal venture." Trend Mi

The Law enforcement agencies from six different European countries have taken down a major Ukrainian-based cyber criminals gang suspected of developing, distributing and deploying Zeus and SpyEye banking malware . According to the report on the official website of Europol, authorities have arrested five suspects between June 18 and 19. All the five suspects are the members of an alleged gang that has been accused of infecting tens of thousands of computers worldwide with malware and banking Trojans. The alleged cybercriminal group distributed and used Zeus and SpyEye malware to steal money from several major banks in Europe and outside. The gang constantly modified its malware Trojans to defeat the security protocols of banks and used " mule networks " to launder money. "On the underground digital forums, they actively traded stolen credentials, compromised bank account information and malware," Europol said in a statement on Thursday, "

Security researchers have uncovered an active cyber attack campaign that has successfully stolen more than $1 Million from a variety of targeted enterprise organizations using spear phishing emails, malware and social engineering tricks. The campaign, dubbed " The Dyre Wolf " by researchers from IBM's Security Intelligence division, targets businesses and organizations that use wire transfers to transfer large sums of money, even if the transaction is protected by 2-factor authentication. A MIXTURE OF MALWARE, SOCIAL ENGINEERING & DDoS Nowadays, cybercriminals not only rely on banking Trojans to harvest financial credentials, but also using sophisticated social engineering tactics to attack big corporations that frequently conduct wire transfers to move large sums. " An experienced and resource-backed [cyber criminal] gang operates Dyre ," John Kuhn, Senior Threat Researcher at IBM Managed Security Service, wrote in a blog post published Th

Despite increased online and mobile banking security, banks are more often being targeted by hackers. A hacker group has infiltrated a number of banks and financial institutions in several countries, stealing hundreds of Millions of dollars in possibly the biggest bank heist the world has ever seen. According to a report published by the New York Times on Saturday, hackers have stolen as much as $1 Billion from more than 100 banks and other financial companies in almost 30 nations, making it " the most sophisticated attack the world has seen to date. " In late 2013 , banks in Russia, Japan, Europe, the United States and other countries fell victim to a massive, sophisticated malware hack that allowed the hackers to spy on bank officials in order to mimic their behavior, according to an upcoming report by Kaspersky Labs received by the NY Times. CARBANAK BANKING MALWARE IN THE WILD In order to infect bank staffs, the hacker group sent malicious emails to hun

A new Spam email campaign making the rounds in Germany are delivering a new variant of a powerful banking malware , a financial threat designed to steal users' online banking credentials, according to security researchers from Microsoft. The malware, identified as Emotet , was first spotted last June by security vendors at Trend Micro. The most standout features of Emotet is its network sniffing ability , which enables it to capture data sent over secured HTTPS connections by hooking into eight network APIs, according to Trend Micro. Microsoft has been monitoring a new variant of Emotet banking malware , Trojan:Win32/Emotet.C , since November last year. This new variant was sent out as part of a spam email campaign that peaked in November. Emotet has been distributed through spam messages, which either contain a link to a website hosting the malware or a PDF document icon that is actually the malware. HeungSoo Kang of Microsoft's Malware Protection Center identifi

" The Interview ", the controversial North Korean-baiting film which appeared to be the root cause of the cyber mishap occurred at Sony Pictures Entertainment that threatened terror attack at theaters showing the movie, now threatens to expose users of Android phones to a malware attack. Since its release, everyone is talking about "The Interview" — the Seth Rogen and James Franco-starring comedy centered around a TV host and his producer assassinating North Korean dictator Kim Jong Un. Because cybercriminals are known to take advantage of major events where there is a high level of public interest, The Interview became their target. In a joint investigation, Security researchers of McAfee and Technische Universität Darmstadt and the Center for Advanced Security Research Darmstadt (CASED) has discovered an Android app claiming to download 'The Interview' comedy on their smartphone devices actually infects users' devices with banking trojan in

One of the oldest active malware families, Pushdo, is again making its way onto the Internet and has recently infected more than 11,000 computers in just 24 hours. Pushdo, a multipurpose Trojan, is primarily known for delivering financial malware such as ZeuS and SpyEye onto infected computers or to deliver spam campaigns through a commonly associated components called Cutwail that are frequently installed on compromised PCs. Pushdo was first seen over 7 years ago and was a very prolific virus in 2007. Now, a new variant of the malware is being updated to leverage a new domain-generation algorithm (DGA) as a fallback mechanism to its normal command-and-control (C&C) communication methods. DGAs are used to dynamically generating a list of domain names based on an algorithm and only making one live at a time, blocking on 'seen' Command & Control domain names becomes nearly impossible. With the help of a DGA, cyber criminals could have a series of advantages

A month after the FBI and Europol took down the GameOver Zeus botnet by seizing servers and disrupting the botnet's operation, security researchers have unearthed a new variant of malware based explicitly on the same Gameover ZeuS that compromised users' computers and collectively formed a massive botnet. GAMEOVER ZEUS TROJAN The massive botnet, essentially a collection of zombie computers, specifically was designed to steal banking passwords with the capability to perform Denial of Service (DoS) attacks on banks and other financial institutions in order to deny legitimate users access to the site, so that the thefts kept hidden from the users. As a result of it, Gameover ZeuS' developers have stolen more than $100 million from banks, businesses and consumers worldwide. NEW GAMEOVER ZEUS TROJAN On Thursday, security researchers at the security firm Malcovery came across a series of new spam campaigns that were distributing a piece of malware based on the Gameover Zeus code which

Cybercriminals have rolled out a new malicious Android application that wraps different varieties of banking fraud trick into a single piece of advanced mobile malware . GOOGLE SERVICE FRAMEWORK - APPLICATION OR MALWARE? Security researchers at the security firm FireEye have came across a malicious Android application that binds together the latest and older hijacking techniques. The malicious Android app combines private data theft, banking credential theft and spoofing, and remote access into a single unit, where traditional malware has had only one such capability included in it. Researchers dubbed the malware as HijackRAT , a banking trojan that comes loaded with a malicious Android application which disguises itself as "Google Service Framework," first and the most advanced Android malware sample of its kind ever discovered, combining all the three malicious activities together. MALWARE FEATURES By giving the remote control of the infected device to hackers,

In an effort to infect large number of people, cybercriminals have developed a new malicious software program that contains functionality to spread itself quickly. Geodo , a new version of the infamous Cridex (also known as Feodo or Bugat ) banking information stealing Trojan works in conjunction with a worm that sends out emails automatically to continue its self-spreading infection method, effectively turning each infected Windows system in the botnet for infecting new targets, Seculert warned . The Infected Windows systems in the botnet network download and install an additional piece of malware (i.e. an email worm) from the Botnet 's command and control servers, provided with approximately 50,000 stolen SMTP account credentials including those of the associated SMTP servers. The stolen SMTP credentials appeared to come from Cridex victims and with the help of those credentials, the malware then sends out emails from legitimate accounts to other potential victim