trojan

Google Ads is used to run a sophisticated campaign. In recent weeks, Threat Down experts have seen a surge in malicious ads on Google aimed at IT professionals. The campaign aims to gain access to victims systems and steal confidential data. Research has shown the use of a single...

QakBot's successor now attacks users through Samba servers. Specialists of Palo Alto Networks Unit 42 discovered the DarkGate campaign, which uses Samba file resources to distribute the Trojan. Activity was observed in March and April 2024, when DarkGate used public Samba servers hosting VBS...

The mining, manufacturing, hotel and utility industries are under attack. Since February 2024, Spanish-speaking users have been targeted by a new phishing campaign spreading a remote access Trojan (RAT) called Poco RAT. The attacks target companies in the mining, manufacturing, hotel and...

A new trick of cybercriminals is different insidious and resourceful. Attackers are actively using malware called NiceRAT to create a botnet from infected devices. These attacks target users from South Korea and are distributed through local file sharing sites and blogs under the guise of...

A multi-stage attack process helps to bypass the protection of antivirus and EDR systems. Cybersecurity researchers have discovered an updated version of the ValleyRAT malware distributed as part of a new malware campaign. "The latest version of ValleyRAT introduces new commands such as...

Doctor Web warns about the emergence of a new family of banking Trojans for Android devices, called Android.BankBot.Coper. Malware of this family has a modular architecture and a multi-stage infection mechanism, as well as a set of defensive techniques that help them resist removal. All this...

We have already written about Hesperbot; this threat is a new banking malware and has a modular architecture. Attackers used it to carry out attacks on users in various countries, including Turkey, the Czech Republic, Portugal and the UK. The main goal of the attacks was to steal confidential...

In mid-August, we discovered a malware distribution campaign that was targeting the Czech Republic. It came to our attention because the malware files were distributed through URLs that closely resembled those of the Czech Postal Department. Further analysis of the files showed that we are...

VIRUS IDENTIFICATION Type of virus: targeted attack of increased complexity, Trojan program, malware. What is Metel? Metel is a banking Trojan (also known as Corkow) that was discovered in 2011. Then it was used to attack users of online banking systems. In 2015, the Metel group began to attack...

Metabase Q experts have discovered a new malware designed to steal cash from ATMs running Windows. How infection occurs has not been established, but most likely it requires physical access to the device. An analysis of the sample carried out by the cybersecurity company showed that the Trojan...

Kaspersky Lab has discovered and analyzed interesting malware that targets banks and banking networks. This is a whole software package consisting of about 30 different modules that can remain in the banking network undetected for a long time. The Metel system is called (there is also another...

Details of the attack and methods of operation of the new banking Trojan. Brazilian banking institutions have become the target of a new campaign to distribute a special version of the remote access Trojan AllaKore for Windows called AllaSenha. The RAT Trojan is designed to steal credentials...

One day you want to sell something on Avito and, having posted a detailed description of your product (for example, a RAM module), you will receive this message. Once you open the link, you will see a seemingly innocuous page notifying you, the happy and successful seller, that a purchase has...

Aimed also at Russian-speaking users, the malware uses advanced methods of disguise and lull vigilance. Researchers at discovered a new banking Trojan that targets Android devices. Sophisticated malware has many dangerous features, including overlay attacks, keylogging, and masking techniques...

This time the malware went far beyond Latin America… The hacker group behind the Grandoreiro banking Trojan for Windows has resumed its global campaign since March 2024, following a law enforcement operation to dismantle its infrastructure in January. According to IBM X-Force, large-scale...

Kaspersky Lab has announced the discovery of the "most advanced" cyber espionage network, named Careto (from the Spanish word harya, erysipelas). In Russian, the network and its associated Trojan are called "Mask", in English - The Mask. The researchers gave the name Careto to the Trojan after...

Авторы обновленного вредоносного ПО ZLoader добавили функцию, которая изначально присутствовала в Zeus banking trojan, на которой оно основано, что указывает на его активную разработку. "В последней версии 2.4.1.0 добавлена функция предотвращения выполнения на машинах, отличных от исходного...

Godfather is back. The Android Trojan attacks clients of banks, cryptocurrency exchanges, and e-wallets. It is distributed through the official Google Play Store under the guise of legal crypto applications. Interestingly, the Trojan bypasses users from Russia and the CIS. The geography of...

The "Dream Job" operation does not slow down, using a long chain to hide the infection. Lazarus Group, a prominent hacker group traditionally associated with North Korea, used tempting job offers to deliver a new remote access trojan (RAT) called Kaolin RAT as part of attacks targeting specific...

How Google Chrome updates help you remotely control a victim's phone. ThreatFabric identified it A new malicious application called Brokewell that can record every action on your device, from tapping to typing and launching apps. The Trojan is distributed via a fake update Google Chrome in the...