Trojan Archives - Cyber Security Minute

Latest version of Xenomorph Android malware targets 400 banks

Issued by: Security Affairs

The author of the Xenomorph Android malware, the Hadoken Security Group, continues to improve their malicious code. In February 2022, researchers from ThreatFabric first spotted the Xenomorph malware, which was distributed via the official Google Play Store reaching over 50,000 installations. The banking Trojan was used to target 56 European banks and steal sensitive information…

Malware & Threats

New Banking Trojan Targeting 100M Pix Payment Platform Accounts

Issued by: Dark Reading

A new Android banking Trojan called PixPirate is targeting more than 100 million Brazilian Pix instant payment accounts. The Pix payment platform was created and is operated by the Brazil Central Bank, and it’s used to make instant mobile payments across Latin America using a variety of banks. Researchers with the Cleafy TIR Team —…

Malware & Threats

New ‘Alchimist’ Attack Framework Targets Windows, Linux, macOS

Issued by: Security Week

Dubbed Alchimist and already used in the wild, the attack framework is implemented in GoLang, the same as the Insekt RAT that it implants on compromised systems. The attack framework provides a web interface written in simplified Chinese that allows operators to generate and deploy malicious payloads, establish remote connections, execute code on the compromised…

Malware & Threats

Emotet Banking Trojan Resurfaces, Skating Past Email Security

Issued by: Dark Reading

Malware botnet Emotet has resurfaced in a more advanced form after having been taken down by joint international task force in January 2021. A prolific threat throughout the pandemic, the Emotet malware began as a banking trojan in 2014, and its operators were one of the first criminal groups to provide malware-as-a-service (MaaS). While it…

Malware & Threats

Linux Trojan XorDdos Attacks Surge, Targeting Cloud, IoT

Issued by: Dark Reading

Cybercriminal use of the Linux Trojan known as XorDdos is on the rise, according to a new report, which found a 254% increase in malicious activity against Linux endpoints using the malware over the last six months. It was first discovered in 2014, and the Microsoft 365 Defender Research Team explained in a recent blog…

Malware & Threats

‘Octo’ Android Trojan Allows Cybercrooks to Conduct On-Device Fraud

Issued by: Security Week

Dubbed Octo, the botnet was first mentioned on dark web forums in January 2022, but an analysis of its code revealed a close connection with ExobotCompact, which is believed to be the successor of the Exobot Android trojan, which in turn was based on the source code of the Marcher trojan. Exobot was used in…

Malware & Threats

Emotet Using TrickBot to Get Back in the Game

Issued by: Security Week

Emotet, which emerged in 2014, became one of the most prevalent threats of the decade, evolving into a malware downloader that allowed cybercriminals to disseminate malware such as TrickBot, the Ryuk ransomware, and the QakBot banking Trojan, as well as various other threats. In January 2021, law enforcement agencies announced they were able to take…

Malware & Threats

BloodyStealer: Advanced New Trojan Targets Accounts of Popular Online Gaming Platforms

Issued by: Dark Reading

Kaspersky researchers have discovered an advanced Trojan, dubbed BloodyStealer, sold on darknet forums and used to steal gamers’ accounts on popular gaming platforms, including Steam, Epic Games Store, and EA Origin. With features to avoid analysis and detection, a low subscription price, and some interesting capabilities, BloodyStealer is a prime example of the types of…

Malware & Threats

LemonDuck no longer settles for breadcrumbs

Issued by: Blog Malwarebytes

LemonDuck has evolved from a Monero cryptominer into LemonCat, a Trojan that specializes in backdoor installation, credential and data theft, and malware delivery, according to the Microsoft 365 Defender Threat Intelligence Team, which explained their findings in a two-part story [1][2] on the Microsoft Security blog. LemonDuck Trojan.LemonDuck has always been an advanced cryptominer that…

Malware & Threats

A week in security (February 15 – February 21)

Issued by: Blog Malwarebytes

Last week on Malwarebytes Labs, the spotlight fell on the State of Malware 2021 report, wherein we have seen cyberthreats evolve. We also touched on ransomware, such as Egregor and a tactic known as Remote Desktop Protocol (RDP) brute forcing that has long been part of the ransomware operators’ toolkit; insider threats, such as what…