trojan

In recent months, the HP Wolf Security team has recorded an increase in the activity of Trojans distributed in XLL files. To bypass the blocking of such downloads introduced by Microsoft, attackers send their emails from compromised accounts. In the third quarter of 2023, 80% of malware...

A harmless PDF can take control of your data. Cybersecurity experts from the 360 Threat Intelligence Center team have discovered a new campaign by the APT-C-36 group, known for its targeted phishing attacks. This time, cybercriminals decided to step up their attacks by introducing the Amadey...

DLL Sideloading once again demonstrates its superiority over security tools. The open-source remote access Trojan Quasar RAT uses the DLL Sideloading technique to discreetly extract data from infected Windows-based devices. According to Uptycs researchers, this method uses the system trust...

Researchers analyzed the work of a secretive and very effective malware on Android. Analysts from the information security company F-Secure conducted an in-depth analysis of the Android Trojan Spnote and discovered its extensive capabilities for collecting confidential information. Usually...

If you see a commit from GitHub Dependabot, check the security of the code. Security researchers found unusual commits in hundreds of public and private repositories that were spoofed to appear to be Dependabot commits. The campaign focuses on injecting malicious code into projects to steal...

New features have been added to the Trojan, which helped to clean out crypto wallets and bank customer accounts. The cybercriminals behind a sophisticated Android banking Trojan called Xenomorph have been actively attacking users in Europe for more than a year and recently switched to customers...

The Trojan turns the phones of government employees into a listening device. The hacker group APT36 (Transparent Tribe )was seen using at least three Android apps that mimic YouTube to infect devices with a Remote Access Trojan called CapraRAT. The campaign was discovered by the SentinelLabs...

Social engineering and phishing once again worked perfectly, deceiving many local employees. Cybersecurity researchers at Check Point identified a large-scale phishing campaign targeting more than 40 large companies in various sectors of the economy in Colombia. The attackers ' goal was to...

С конца июня 2023 года был замечен ранее недокументированный банковский троянец Android, получивший название MMRat, нацеленный на мобильных пользователей в Юго-Восточной Азии с целью удаленного присвоения устройств и совершения финансового мошенничества. "Вредоносная программа, названная в...

Think twice before giving a bunch of permissions to unfamiliar programs. Researchers at Trend Micro have discovered a new banking Trojan, MMRat, targeting Android users in Southeast Asia. This is reported in yesterday's report of the company. MMRat is distributed through phishing sites...

The new Android banking Trojan MMRat uses an interesting method to steal and transfer victim data to attackers. In particular, the use of the Protobuf protocol to serialize compromised information is noteworthy. MMRat first came across to researchers from Trend Micro at the end of June 2023...

Naive victims themselves transmit detailed information about themselves to intruders. Users of numerous financial applications in Thailand, Indonesia, Vietnam, the Philippines and Peru are being targeted by the Android banking Trojan "Hud RAT". According to Group-IB researchers, one of the...

In Latin America, a new cyberwizard has been launched, focused on users financial data. A new financial Trojan called JanelaRAT, capable of stealing sensitive data from compromised Windows systems, has targeted Latin American users. According to a recent report from research firm Zscaler...

Chinese cybercriminals continue to improve the Remote Access Trojan (RAT), which appeared ten years ago. According to Cisco Talos experts, the Bisonal Trojan is still used in attacks on Russia, Japan and South Korea. Such dedication to old tools is rare among cybercriminals, the researchers...

Proofpoint discovered a malicious campaign in which cybercriminals from the TA575 group spread Dridex malware using emails about the popular Netflix series Squid Game. The emails contain messages such as “The Squid Game is back, watch the new season before everyone else”, “Client invitations...

IBM X-Force experts discovered the CamuBot banker, which appeared last month in Brazil and is different from most similar threats. CamuBot attacks a wide variety of companies and government agencies, but the main “weapon” of attackers is social engineering. Thus, the authors of the malware...

Article content Hacking a device Researching a device Infector Main module of a Trojan Botnet Goals, objectives and conclusions Hacking a device As in the case of Mirai, the Hajime architecture uses a random IP range generator from which local and service addresses are excluded, after which...

Why would anyone write malware in Python? We're going to do this to learn the general principles of malware development, while at the same time you can practice using this language and apply this knowledge for other purposes. In addition, Python malware occurs naturally, and not all virus...

It is well known that if you suddenly forgot the password for the service, but it is saved in your browser, you can remove it from there. However, it is known that any Trojan that accidentally enters a computer with the same ease will retrieve the stored passwords. Today we will take a look at...

Let's create it in a regular text editor built into Windows. Such a virus will be called a BAT virus. As I write the source code, I will explain what I'm talking about in curly brackets. @Echo off {disallow displaying executable commands on the screen} copy %0 c:virus.bat >nul {copy the file...