The PhishLabs Blog

RedAlert2 Mobile Banking Trojan Actively Updating Its Techniques

Posted by Joshua Shilko on Sep 25, '17

RedAlert2, an Android banking Trojan, has received a significant amount of attention since it was first noted last week (read more in this article by Bleeping Computer). The high level of interest in this Trojan is due to the fact that the code base appears to be completely new and the Trojan itself includes some unique functionality. The PhishLabs Research, Analysis, and Intelligence Division (R.A.I.D.) recently identified a new sample which exhibits changed tactics, techniques, and procedures relative to previous samples. We’ll review some of the interesting features of RedAlert2 before identifying the changes observed in the most recent sample.


Topics: Android, Banking Trojan, Mobile Crimeware

The Evolution of Mobile Banking Trojans… and What To Do About Them (Part II)

Posted by Joshua Shilko on Aug 15, '17

In the last article, we looked at why threat actors have flocked to the mobile space in droves, and which tools they’re using to ply their trade.

And naturally, no discussion of mobile threats would be complete without a detailed look at the most concerning current mobile threat: mobile banking trojans.

Since we’ve already covered the most common functionality, permissions, and distribution mechanisms, it only makes sense to take things a stage further and look at specific banking trojan families. To that end, in this article we’ll be looking at two of the most widespread families: Marcher and BankBot.

Once we’re through with that, we’ll go over some of the things organizations and individuals can do to avoid falling prey to mobile banking trojans in the future.


Topics: Phishing, Android, Banking Trojan

Marcher Android Malware Increases its Geographic Reach

Posted by Joshua Shilko on Jun 23, '16

Earlier this year, PhishLabs wrote an in-depth analysis on Marcher, an Android Banking Trojan which is available for purchase as a kit on underground marketplaces. Marcher runs in the background on an infected device and monitors its operation to detect the launch of specific applications or websites. When a targeted application or site is opened, Marcher overlays the screen with a customized phishing site which mimics the look and feel of the targeted institution. Recent samples of Marcher have demonstrated an increase in total number of targeted institutions as well as a spread to additional geographic locations.


Topics: Malware, Android, marcher

Android.Trojan.Marcher - Conclusion


About Parts One and Two

This post is a conclusion to a three-part blog analyzing "Marcher" malware that targets the Android platform. Read part one here and part two here. To round out the discussion, let’s cover the network and host indicators associated with this trojan.

Topics: Phishing, Malware, Threat Intelligence, Android, Banking Trojan

Android.Trojan.Marcher - Part Two


About Part One

Last week I posted a blog analyzing "Marcher" - malware targeting the Android platform. Designed to steal mobile banking app credentials from banking customers, it is one of the most prevalent Android password stealers seen in the wild. Read part one here.


Topics: Malware, Trojan, Android, Banking Trojan

Android.Trojan.Marcher


Part 1 of 3

"Marcher" is malware targeting the Android platform. It is designed to steal mobile banking app credentials from customers of many different financial institutions. Distributed through a variety of means, it is one of the most prevalent Android password stealers seen in the wild, second only to Svpeng.


Topics: Malware, Trojan, Android

Texting Malware, PoS System Targeting, Sniper Rifle Hack, and more | TWIC - July 31, 2015

Posted by Lindsey Havens on Jul 31, '15

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).


Topics: Phishing, Vulnerability, Hacker Tools, The Week in Cybercrime, Phone Fraud, Android, POS Attacks, Hacked, Patch, iOS

JP Morgan Arrests, Android Malware, Healthcare Threats, and more | TWIC - July 24, 2015

Posted by Lindsey Havens on Jul 24, '15

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).


Topics: Phishing, Malware, Hacker Tools, The Week in Cybercrime, Phone Fraud, Account Takeover, Android, Hacked, Patch, Arrests

Flash Player Patches, Darkode Takedown, Disguised CryptoWalls, and more | TWIC - July 17, 2015

Posted by Lindsey Havens on Jul 17, '15

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).


Topics: Phishing, DDoS, Exploit, Adobe, The Week in Cybercrime, Account Takeover, Android, Hacked, Patch, Arrests

WordPress Vulnerability, AT&T Insider Breach, Crypto-ransomware and more | TWIC - April 10, 2015

Posted by Lindsey Havens on Apr 10, '15

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).


Topics: The Week in Cybercrime, Crimeware, Android, Data Breach, Ransomware

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
