The PhishLabs Blog

Android.Trojan.Marcher - Part Two


About Part One

Last week I posted a blog analyzing "Marcher" - malware targeting the Android platform. Designed to steal mobile banking app credentials from banking customers, it is one of the most prevalent Android password stealers seen in the wild. Read part one here.


Topics: Malware, Trojan, Android, Banking Trojan

Android.Trojan.Marcher


Part 1 of 3

"Marcher" is malware targeting the Android platform. It is designed to steal mobile banking app credentials from customers of many different financial institutions. Distributed through a variety of means, it is one of the most prevalent Android password stealers seen in the wild, second only to Svpeng.


Topics: Malware, Trojan, Android

New POS Malware, Hotel Credit Card Breach, Windows Vulnerability and more | TWIC - March 6, 2015

Posted by Lindsey Havens on Mar 6, '15

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).


Topics: Malware, Trojan, Vulnerability, The Week in Cybercrime, POS Attacks, Hacked

DDoS Threat Advisory, Compromised cPanel Exploit Kit, Router Pharming Attacks and more | TWIC - February 27, 2015

Posted by Lindsey Havens on Feb 27, '15

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).


Topics: Phishing, Malware, Exploit, Trojan, The Week in Cybercrime, Hacked

Carbanak Banking Malware, State Tax Refund Fraud, Phone Spying and more | TWIC - February 20, 2015

Posted by Lindsey Havens on Feb 20, '15

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).


Topics: Malware, Fraud, Trojan, The Week in Cybercrime, Android

Vawtrak Expands, Simplocker Ransomware, Mobile Malware and more | TWIC - February 13, 2015

Posted by Lindsey Havens on Feb 13, '15

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).


Topics: Malware, Trojan, The Week in Cybercrime, Data Breach, Ransomware

Enhancements to Dyre Banking Trojan


The Dyre banking Trojan debuted in June 2014, targeting large financial institutions across the globe. In September, PhishLabs’ R.A.I.D (Research, Analysis, and Intelligence Division) observed a number of enhancements to the banking Trojan that further increase the danger of the threat.

Banking Trojans Expand Beyond Financial Targets

The most recent attack utilizing the Dyre Trojan targeted the cloud computing company Salesforce.com. Historically, banking Trojans were used to steal the account credentials of banking customers, but now sensitive business data is being stolen from companies in healthcare, retail, the software industry and others. Malicious software developers are seeking access to organizational systems and operating systems to steal data that would aid in identity theft for the purpose of committing fraud. Attackers remain patient and persistent, evolving their tools, harvesting the data and attacking when it is unexpected.


Topics: Lure, Trojan, Dyre Banking Trojan

Vawtrak Gains Momentum and Expands Targets


Vawtrak is the security industry's name for the latest version of the 64-bit compatible Gozi Prinimalka Trojan, a family of malware first conceived in the mid-2000s. Recently, PhishLabs’ R.A.I.D (Research, Analysis, and Intelligence Division) has uncovered new developments in the latest Vawtrak configurations that indicate it is a much more substantial threat than it was a few months ago.

What You Need to Know


Topics: Malware, Threat Analysis, Threat Intelligence, Trojan, ATO, Vawtrak

“Smash & Grab” cybercrime attacks have been active since mid-June


Last week, researchers at Proofpoint reported an attack campaign, dubbed “Smash & Grab,” targeting customers of JP Morgan Chase. Based on intelligence from the PhishLabs R.A.I.D. (Research, Analysis, and Intelligence Division), the “Smash & Grab” operations have been active since at least mid-June, using the same phishing and malware combination tactics described in the initial report. Our analysis also indicates a possible connection to cybercriminal actors currently or previously involved in GameOver Zeus operations.


Topics: Phishing, Malware, Threat Intelligence, Trojan, Crimeware

Vulnerabilities found in Dendroid mobile Trojan

Posted by Paul Burbage, Threat Analyst on Aug 18, '14

On Friday, the full source code of the Dendroid Remote Access Trojan (RAT) was leaked. Dendroid is a popular crimeware package that targets Android devices and is sold on underground forums for $300. Usually the source code for botnet control panels is encrypted, so it was surprising to find the full source code for the Dendroid control panel included in the leaked files. Analyzing the leaked code revealed multiple vulnerabilities due to a lack of user input validation, including Cross-Site Scripting (XSS), Arbitrary File Upload, SQL Injection, and PHP Code Execution.


Topics: Malware, Threat Analysis, Trojan, Crimeware, Android


What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
