Trojan Archives - Cyber Security Minute

Fleckpe Trojan Infects 620K Devices Via Google Play

Issued by: DataBreach Today

Researchers found Android malware masquerading as a legitimate application available and downloaded over 620,000 times from the Google Play store. The apps have been active since 2022, posing as legitimate photo-editing apps, camera editors and smartphone wallpaper packs. Researchers found 11 legitimate applications infected with the malware, dubbed Fleckpe by Kaspersky, which have been since…

Mobile Security

Latest version of Xenomorph Android malware targets 400 banks

Issued by: Security Affairs

The author of the Xenomorph Android malware, the Hadoken Security Group, continues to improve their malicious code. In February 2022, researchers from ThreatFabric first spotted the Xenomorph malware, which was distributed via the official Google Play Store reaching over 50,000 installations. The banking Trojan was used to target 56 European banks and steal sensitive information…

Malware & Threats

New Banking Trojan Targeting 100M Pix Payment Platform Accounts

Issued by: Dark Reading

A new Android banking Trojan called PixPirate is targeting more than 100 million Brazilian Pix instant payment accounts. The Pix payment platform was created and is operated by the Brazil Central Bank, and it’s used to make instant mobile payments across Latin America using a variety of banks. Researchers with the Cleafy TIR Team —…

Malware & Threats

New ‘Alchimist’ Attack Framework Targets Windows, Linux, macOS

Issued by: Security Week

Dubbed Alchimist and already used in the wild, the attack framework is implemented in GoLang, the same as the Insekt RAT that it implants on compromised systems. The attack framework provides a web interface written in simplified Chinese that allows operators to generate and deploy malicious payloads, establish remote connections, execute code on the compromised…

Malware & Threats

Emotet Banking Trojan Resurfaces, Skating Past Email Security

Issued by: Dark Reading

Malware botnet Emotet has resurfaced in a more advanced form after having been taken down by joint international task force in January 2021. A prolific threat throughout the pandemic, the Emotet malware began as a banking trojan in 2014, and its operators were one of the first criminal groups to provide malware-as-a-service (MaaS). While it…

Malware & Threats

Linux Trojan XorDdos Attacks Surge, Targeting Cloud, IoT

Issued by: Dark Reading

Cybercriminal use of the Linux Trojan known as XorDdos is on the rise, according to a new report, which found a 254% increase in malicious activity against Linux endpoints using the malware over the last six months. It was first discovered in 2014, and the Microsoft 365 Defender Research Team explained in a recent blog…

Malware & Threats

‘Octo’ Android Trojan Allows Cybercrooks to Conduct On-Device Fraud

Issued by: Security Week

Dubbed Octo, the botnet was first mentioned on dark web forums in January 2022, but an analysis of its code revealed a close connection with ExobotCompact, which is believed to be the successor of the Exobot Android trojan, which in turn was based on the source code of the Marcher trojan. Exobot was used in…

Malware & Threats

Emotet Using TrickBot to Get Back in the Game

Issued by: Security Week

Emotet, which emerged in 2014, became one of the most prevalent threats of the decade, evolving into a malware downloader that allowed cybercriminals to disseminate malware such as TrickBot, the Ryuk ransomware, and the QakBot banking Trojan, as well as various other threats. In January 2021, law enforcement agencies announced they were able to take…

Malware & Threats

BloodyStealer: Advanced New Trojan Targets Accounts of Popular Online Gaming Platforms

Issued by: Dark Reading

Kaspersky researchers have discovered an advanced Trojan, dubbed BloodyStealer, sold on darknet forums and used to steal gamers’ accounts on popular gaming platforms, including Steam, Epic Games Store, and EA Origin. With features to avoid analysis and detection, a low subscription price, and some interesting capabilities, BloodyStealer is a prime example of the types of…

Malware & Threats

LemonDuck no longer settles for breadcrumbs

Issued by: Blog Malwarebytes

LemonDuck has evolved from a Monero cryptominer into LemonCat, a Trojan that specializes in backdoor installation, credential and data theft, and malware delivery, according to the Microsoft 365 Defender Threat Intelligence Team, which explained their findings in a two-part story [1][2] on the Microsoft Security blog. LemonDuck Trojan.LemonDuck has always been an advanced cryptominer that…