In November 2023, researchers from ThreatFabric observed a resurgence of the Anatsa banking Trojan, aka TeaBot and Toddler. Between November and February, the experts observed five distinct waves of attacks, each focusing on different regions. The malware previously focused its activities on the UK, Germany, and Spain, but the latest campaigns targeted Slovakia, Slovenia, and…

Researchers have discovered a novel banking Trojan they dubbed “Coyote,” which is hunting for credentials for 61 different online banking applications. “Coyote,” detailed by Kaspersky in an analysis today, is notable both for its broad targeting of banking-sector apps (the majority, for now, in Brazil), and its sophisticated interweaving of different rudimentary and advanced components:…

Active since early 2023, the malware initially targeted mobile banking applications in Australia and Poland, but has since expanded its reach to the UK and Italy. When initially uncovered, ThreatFabric explains, Chameleon used multiple loggers, had limited malicious functionality, and contained various unused commands, suggesting that it was still under development. Employing a proxy feature…

Researchers found Android malware masquerading as a legitimate application available and downloaded over 620,000 times from the Google Play store. The apps have been active since 2022, posing as legitimate photo-editing apps, camera editors and smartphone wallpaper packs. Researchers found 11 legitimate applications infected with the malware, dubbed Fleckpe by Kaspersky, which have been since…

The author of the Xenomorph Android malware, the Hadoken Security Group, continues to improve their malicious code. In February 2022, researchers from ThreatFabric first spotted the Xenomorph malware, which was distributed via the official Google Play Store reaching over 50,000 installations. The banking Trojan was used to target 56 European banks and steal sensitive information…