Our latest banking malware analysis

Vadokrist is a banking trojan designed to steal banking credentials, mainly from Brazilian entities. As such, it shares some of its functionality with other families such as Grandoreiro or Mekotio, which also target Latin America in particular.
2020 has been a year marked by a virus, not one of the ones we usually talk about, but a biological one. COVID-19 monopolized people's attention over the past year, including that of malware developers.
On December 8th, FireEye announced that it had suffered an attack in which the company's proprietary Red Team tools were exposed. In response, they published IOCs that allow the use of the tools to be identified.
Since June of this year and throughout the last quarter of the year, a banking malware for Windows systems has been increasing its number of victims and stealing their banking credentials. Mispadu is a Brazilian banking trojan that has been around since the end of 2019; however, it didn't become very active until this winter.
BBtok is a new banking trojan whose authors seem to be focused, at least for the time being, on infecting and stealing the credentials of Mexican users. In the event that the victim who executes the dropper sent by email does not use a Mexican connection, it will not continue with the download and installation of the second dropper and the rest of the modules.
Grandoreiro (also known as Delephant) is one of the most active Windows banking trojans in recent months. Its developers seem to be especially interested in Spanish and Latin American users, since the affected banking entities belong to these regions.
TrickBot is a modular malware that has been involved in numerous campaigns, used most recently for the deployment of other malware. The latest enhancements to this malware include a module that inspects devices for firmware vulnerabilities.
GravityRAT, as its name suggests, is malicious software that allows its operators to obtain remote control of the infected device. This is what's known as a Remote Access Tool. This type of malware has been quite popular on desktop systems, but not so much on mobile devices.
Ghimob is the new banking trojan for Android that has joined ‘The Tetrade’, the name by which the set of Brazilian banking trojans is known. In addition to sharing functionality, these trojans have begun to gradually expand throughout the world in recent months, thanks to the inclusion of new entities on their lists of affected banking entities.
As already discussed in previous reports and publications about banking malware and malware in general, both for mobile devices and for computers, one of the most popular threats today is ransomware.
