One hacking group that has contributed heavily to the development of Android-based banking Trojans is the Cron hacking group. They are believed to originate from Russia, and despite the success of their campaigns, which earned them large sums of money, they were caught by the Russian law-enforcement authorities in 2017. However, some of their hacking tools are still being propagated online by other ill-minded actors. One of these tools is the Catelites Android Banking Trojan (also known as Catelites Bot). Poses as a Legitimate Application The creators of the Catelites Banking Trojan have put some effort into making this threat appear to be an authentic application. It is likely that the Catelites Trojan is hosted on shady application stores or third-party web pages that host dubious content. In...

Posted on September 4, 2019 in Malware


The Marcher Trojan is a strain of Android malware that has been active since 2013 and is also known under the alias Rahunok. Throughout the years, a number of updates have been introduced to the Marcher project, making it even more threatening. At first, the Marcher Trojan served to collect Google Play Store login credentials. However, with some of the more recent upgrades, the Marcher Trojan has also been enabled to access the user's text messages, thus gaining the ability to bypass the SMS-based two-factor authentication that some websites rely on. Propagation Methods It appears that the main propagation methods involved in the spreading of the Marcher Android Trojan are bogus application downloads, spam text messages and shady application stores. The Marcher Trojan has several different variants, which are meant to support different banking...

Posted on September 4, 2019 in Trojans

Peta Ransomware

More and more ransomware threats pop up each day as malware experts struggle to study and analyze them. Many cyber crooks choose to spare their efforts, and instead of building a data-locking Trojan from the ground up, they borrow the code of an already established threat and only slightly change it. Propagation and Encryption This is the case with the newly uncovered Peta Ransomware. Once discovered, it was quickly revealed that this threat belongs to the infamous STOP Ransomware family. It is not yet known what propagation methods the attackers are employing. Some speculate that the most commonly used infection vectors may be at play in the spreading of the Peta Ransomware – spam emails containing macro-laced attachments alongside fake software updates and bogus pirated copies of popular applications. A quick...

Posted on September 4, 2019 in Ransomware

MGS Ransomware

More and more cyber crooks turn to ransomware threats as an easy way to make a quick buck. One does not even need to be very experienced to create and distribute a file-locking Trojan, as the majority of them are simply based on the code of already existing ransomware threats. Propagation and Encryption Today's data-encrypting Trojan falls into this category. The MGS Ransomware has not been built from scratch but is instead a variant of the notorious Dharma Ransomware. Malware researchers have not yet concluded what infection vectors are employed in the propagation of the MGS Ransomware. It is likely that the creators of this nasty threat are using fake pirated copies of popular software, mass spam email campaigns, and bogus application updates to spread the MGS Ransomware. The MGS Ransomware will locate all the files it was...

Posted on September 4, 2019 in Ransomware


The Asacub banking Trojan was first spotted back in 2015. This Trojan is Android-based and has managed to cause a fair bit of trouble over the years. The peak of the Asacub Banking Trojan's activity was in 2017, when it was declared to be the most widely propagated Android-based banking Trojan. The Asacub Trojan's operators have introduced several updates in the four years that this threat has been active; sometimes these updates arrive every few months, further weaponizing the Asacub banking Trojan. Targets Russians Mostly Most of the activity of the Asacub Trojan is concentrated in Russia. However, there have been campaigns targeting banks located in the United States, Poland, the Czech Republic and also Ukraine. The Asacub Trojan is not too complex, and the phishing messages that it displays to users contain an...

Posted on September 3, 2019 in Trojans


The Russian-based Cron hacking group has developed a threat that carries the same name – the Cron Android banking Trojan. Its purpose is to defraud users and collect money. The Cron hacking group has been very successful in propagating this banking Trojan: malware researchers estimate that this threat has compromised over 1,000,000 Android devices globally. The Russian law-enforcement authorities acted swiftly and took down the Cron hacking group, so it is likely that the propagation of this nasty threat will soon stop. However, do not be too quick to celebrate, as the Cron banking Trojan gained some popularity and it is likely that other shady individuals have gotten their hands on this Trojan. Propagation Methods Cybersecurity experts believe that the operators of the Cron Banking Trojan have...

Posted on September 3, 2019 in Malware

Hese Ransomware

There are countless ransomware threats circulating the Web, with new ones emerging daily. Malware researchers are struggling to keep up with all the new data-locking Trojans that pop up on a regular basis. Propagation and Encryption One of the most recently uncovered file-encrypting Trojans is the Hese Ransomware. Once it was dissected, this ransomware threat was revealed to be a variant of the notorious STOP Ransomware. Malware experts have not reached a consensus regarding the propagation methods involved in the spreading of this ransomware threat. Some believe that the attackers are using the most common methods of propagating threats of this type, which are mass spam email campaigns, bogus application updates and fake pirated variants of popular software. As soon as the Hese Ransomware infects a host, it will scan it to locate the files...

Posted on September 3, 2019 in Ransomware


It is not an unexpected practice for cybercriminals to sell or rent their hacking tools to other shady individuals online. This is exactly the case with the Tiny.z Android Banking Trojan. Its creators are offering a $2,000 monthly subscription to the Tiny.z Trojan on various hacking forums. Despite the high price, there were takers, as the Tiny.z Banking Trojan is a well-built and very potent hacking tool. It has been speculated that the infamous Russian-based hacking group called Cron is one of the actors propagating the Tiny.z Banking Trojan. Wide Reach The Cron hacking group operates mainly in Russia, but in 2016 they decided to begin expanding their reach to other countries too. It is likely that around the same time they got their hands on the Tiny.z Banking Trojan. One of the biggest advantages of the Tiny.z Banking Trojan...

Posted on September 3, 2019 in Malware

Astaroth 'Great Duke Of Hell' Fileless Malware Attack Campaigns Propagate to Spread Threat


Microsoft recently lifted the veil on Astaroth, a very unpleasant piece of fileless malware that steals data without ever being installed on a victim's machine. The recently published report by Microsoft's research team that opened the lid on the activities of the Astaroth fileless malware forced the threat actors behind it to change their tactics. They ran a new campaign in August with a few notable changes, specifically the use of Cloudflare Workers. The new campaign is actively distributing the new Astaroth Trojan variant by abusing the Cloudflare Workers computing platform, whose serverless nature helps it avoid detection and block potential automated analysis done by...

Posted on September 3, 2019 in Computer Security

Compromised BleachBit Website Infects Users with the Data-Stealing AZORult Malware


BleachBit is a well-known application among Linux, Windows, and macOS users who wish to reclaim disk space by deleting disposable data. Having over one million downloads on SourceForge, BleachBit has gained significant momentum, and cyber crooks have found a way to monetize the tool's huge popularity. They have created a fake copy of the official BleachBit website through which they spread an info-stealing malware threat named AZORult. AZORult is known to have been around since 2016 and to be quite accessible - those interested could buy it for about $100 on Russian hacking forums. It is able to collect a broad variety of sensitive user data, like saved logins,...

Posted on September 3, 2019 in Computer Security

Twitter Temporarily Suspends SMS-Tweeting Feature After CEO's Account is Abused by Hacker Group


In the world of today's social media, anything that is said can be used against you at any time. As it turns out, Twitter announced that it would turn off its Tweet via SMS feature for an unspecified period of time after hackers abused and posted from two high-profile accounts, one belonging to Twitter CEO and co-founder Jack Dorsey. By potentially exploiting a weakness in Twitter's tweet via SMS feature, hackers were able to hijack Dorsey's Twitter feed and post racial slurs along with a fake bomb threat aimed at the headquarters of Twitter. The tweets, as you can imagine, stirred up some serious commotion and concern. Upwards of 4.2 million of Dorsey's followers on...

Posted on September 2, 2019 in Computer Security

Ares Botnet

The creation of botnets has been a widespread practice in the world of cybercrime. However, with more and more devices becoming 'smart' and thus connected to the Internet, a new niche for exploitation has opened up, and cyber crooks around the world have not failed to notice. This has led to the creation of botnets which consist exclusively of IoT (Internet-of-Things) devices. These devices are particularly vulnerable to cyber attacks, as they often lack any security measures or have very weak ones in place. Among the most recently detected IoT botnets is the Ares Botnet. Apparently, the creators of the Ares Botnet have been wildly successful, as this botnet's activity makes up more than 11% of all IoT botnet activity globally. Can Use Brute-Force to Get Login Credentials The creators of the Ares Botnet propagate their malware via...

Posted on September 2, 2019 in Botnets


The Android OS holds about 88% of the global market share (according to a Statista report), making it the most popular smartphone OS by a huge margin. The largest application platform for Android is the Google Play Store. Given the sheer number of Android devices in the world and the countless applications tailored for them, it is easy to see how the Google Play Store struggles to keep all potentially malicious apps off its platform. Among the malicious applications that have slipped through the cracks is the 'CamScanner' app, which has managed to get over 100,000 downloads. Its software is supposed to convert a photo of a document into a PDF file which the user can then edit. New Update Contains a Trojan The free variant of the application displays ads, which...

Posted on September 2, 2019 in Malware


The TipTop hacking group is a notorious group of hackers that likely originates from the Russian Federation. One of their most popular hacking tools is Hqwar – an Android-based banking Trojan. The Russian law-enforcement authorities, in cooperation with malware experts, have managed to stop the TipTop hacking group's campaign. However, this does not mean we have seen the end of the Hqwar Trojan. It is very likely that other cyber crooks have employed the Hqwar Banking Trojan for their own malicious operations, as this Trojan is known for supporting various mobile banking web pages and applications. Able to Bypass Two-Factor Authentication Many banking portals and applications have employed two-factor authentication to guarantee maximum security to their users. However, cleverly designed banking Trojans like the Hqwar threat are...
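Both the Marcher and the Hqwar entries above come down to the same capability: an app that can read incoming SMS (to harvest one-time codes), draw over a legitimate banking app, and make itself hard to remove. The following static triage check is an added illustration, not code from this page or from any of the Trojan families it describes. It parses an AndroidManifest.xml, collects the permissions the app requests (including the android:permission guard on device-admin receivers and accessibility services), and looks for an SMS_RECEIVED receiver registered with an unusually high priority, a long-standing tell of OTP interception. The two manifests embedded below are constructed for the example; the package name and component names are invented.

```python
"""Triage an Android manifest for the permission pattern SMS-stealing,
overlay-based banking Trojans rely on. Added example; constructed inputs."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def _a(attr: str) -> str:
    """Qualified name for an android:<attr> attribute as ElementTree sees it."""
    return f"{{{ANDROID_NS}}}{attr}"


# Permissions that, combined, enable OTP theft, overlay phishing and persistence.
SUSPICIOUS_PERMISSIONS = {
    "android.permission.RECEIVE_SMS": "intercept incoming SMS (OTP / 2FA codes)",
    "android.permission.READ_SMS": "read stored SMS (OTP / 2FA codes)",
    "android.permission.SEND_SMS": "send SMS (self-propagation, premium fraud)",
    "android.permission.SYSTEM_ALERT_WINDOW": "draw overlays over banking apps",
    "android.permission.BIND_DEVICE_ADMIN": "device-admin rights, resists uninstall",
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility abuse (auto-click, keylog)",
    "android.permission.REQUEST_INSTALL_PACKAGES": "sideload further payloads",
}

# Constructed sample: a fake 'update' app (hypothetical package name).
SUSPECT_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashplayer.update">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed sample: a harmless app that only needs network access.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""


def collect_permissions(root: ET.Element) -> set:
    """<uses-permission> names plus the android:permission guard on services and
    receivers, which is how device-admin and accessibility components are declared."""
    perms = {el.get(_a("name")) for el in root.iter("uses-permission") if el.get(_a("name"))}
    for tag in ("service", "receiver"):
        perms.update(el.get(_a("permission")) for el in root.iter(tag) if el.get(_a("permission")))
    return perms


def sms_receiver_priorities(root: ET.Element) -> list:
    """Priorities of intent-filters listening for SMS_RECEIVED. A very high value
    lets the app see an incoming code before the default messaging app."""
    found = []
    for rcv in root.iter("receiver"):
        for flt in rcv.findall("intent-filter"):
            actions = {act.get(_a("name")) for act in flt.findall("action")}
            if "android.provider.Telephony.SMS_RECEIVED" in actions:
                found.append(int(flt.get(_a("priority"), "0")))
    return found


def assess_manifest(manifest_xml: str) -> dict:
    """Return the flagged permissions, SMS receiver priorities and a verdict."""
    root = ET.fromstring(manifest_xml)
    perms = collect_permissions(root)
    flags = {p: SUSPICIOUS_PERMISSIONS[p] for p in sorted(perms) if p in SUSPICIOUS_PERMISSIONS}
    reads_sms = bool({"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"} & perms)
    overlays = "android.permission.SYSTEM_ALERT_WINDOW" in perms
    persists = bool({"android.permission.BIND_DEVICE_ADMIN",
                     "android.permission.BIND_ACCESSIBILITY_SERVICE"} & perms)
    priorities = sms_receiver_priorities(root)
    high_prio_sms = any(p >= 999 for p in priorities)  # heuristic threshold
    if reads_sms and (overlays or persists or high_prio_sms):
        verdict = "banking-trojan pattern"
    elif flags:
        verdict = "review"
    else:
        verdict = "no findings"
    return {"package": root.get("package"), "flags": flags,
            "sms_receiver_priorities": priorities, "verdict": verdict}


if __name__ == "__main__":
    for name, xml in (("suspect", SUSPECT_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(name, assess_manifest(xml))
```

On a real sample, run it over the decoded manifest (for instance the output of apktool) rather than the binary XML inside the APK. The check is a triage filter, not a verdict on its own: legitimate SMS apps and device-management tools request the same permissions, so a hit means the sample deserves manual inspection of what the SMS receiver and overlay code actually do.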

Posted on September 2, 2019 in Malware

CMD Ransomware


These days it is easier than ever to create data-locking Trojans. Even cyber crooks with little experience can build one if they borrow the code of an already existing ransomware threat and only slightly tweak it. This is what the creators of the newly uncovered CMD Ransomware have done. Propagation and Encryption Upon inspecting the CMD Ransomware, malware researchers concluded that this file-encrypting Trojan is a variant of the popular Dharma Ransomware. The propagation techniques involved in the spreading of the CMD Ransomware are not yet known. Some security experts believe that emails containing macro-laced attachments, fake software updates, and bogus pirated variants of...

Posted on September 2, 2019 in Ransomware