Recent Posts

The PhishLabs Blog

Paul Burbage, Threat Analyst

Fraudsters take advanced fee scams to the next level

Posted by Paul Burbage, Threat Analyst on Dec 16, '14

We've all seen them before. The late prince Abdul has left us millions in inheritance and we need only provide a minor convenience fee to receive the funds. Advanced fee scams are nothing new and have been circulating on the Internet since its inception. Until now, scammers have relied on email correspondence and convincing legal jargon to con victims out of their hard-earned dollars.

Zeus malware distributed through browser warning: social engineering at its finest

Posted by Paul Burbage, Threat Analyst on Dec 5, '14

Zeus malware continues to plague the Internet with distributions through spam emails and embeds in compromised corners of the web – all designed to exploit unsuspecting consumers. PhishLabs’ R.A.I.D. (Research Analysis and Intelligence Division) recently observed the Zeus malware being distributed through an alarmingly convincing browser warning that prompts viewers to download and “restore settings.”

Figure 1 shows the browser warning, which is designed to make viewers believe the alert is based on security preferences that they have previously set up. The message creates a sense of urgency and fear, warning of “unusual activity.” How victims come to encounter this browser message is still under investigation by the PhishLabs R.A.I.D.

Topics: ZeuS, Banking Trojan

Vulnerabilities found in Dendroid mobile Trojan

Posted by Paul Burbage, Threat Analyst on Aug 18, '14

On Friday, the full source code of the Dendroid Remote Access Trojan (RAT) was leaked. Dendroid is a popular crimeware package that targets Android devices and is sold on underground forums for $300. Usually the source code for botnet control panels is encrypted, so it was surprising to find the full source code for the Dendroid control panel included in the leaked files. Analyzing the leaked code revealed multiple vulnerabilities due to a lack of user input validation, including Cross-Site Scripting (XSS), Arbitrary File Upload, SQL Injection, and PHP Code Execution.

Topics: Malware, Threat Analysis, Trojan, Crimeware, Android

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
