Tag: banking trojan
9 attack reports | 0 vulnerabilities
Attack reports
Grandoreiro banking trojan: overview of recent versions and new tricks
Grandoreiro is a Brazilian banking trojan that has evolved into a global financial threat, targeting over 1,700 banks and 276 crypto wallets in 45 countries. Despite law enforcement efforts, the malware remains active, with new versions featuring enhanced evasion techniques like multiple Domain Gen…
Downloadable IOCs 0
Expanding the Investigation: Deep Dive into Latest TrickMo Samples
This report delves into the analysis of 40 recent variants of the banking trojan TrickMo, uncovering novel capabilities like stealing unlock patterns/PINs and geolocating victims. It examines the malware's advanced features, including credential theft, data exfiltration, and command-and-control mec…
Downloadable IOCs 94
European Banks Already Under Attack by New Malware Variant
A new version of the Octo malware, named Octo2, has emerged as a significant threat to European banks. This variant builds upon the capabilities of its predecessor, which was already a dominant force in mobile malware. Octo2 features improved remote access capabilities, sophisticated obfuscation te…
Downloadable IOCs 0
A Network of Harm: Gigabud Threat and Its Associates
An investigation reveals a significant connection between Gigabud and Spynote malware families, targeting over 50 financial apps including banks and cryptocurrency platforms. The campaign utilizes sophisticated distribution methods, including 11 command and control servers and 79 phishing websites …
Downloadable IOCs 116
BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar
BlindEagle, an advanced persistent threat actor, has been observed targeting the Colombian insurance sector using the BlotchyQuasar Remote Access Trojan. The attack chain begins with phishing emails impersonating the Colombian tax authority, containing links to malware hosted on compromised Google …
Downloadable IOCs 16
The trojan horse that wanted to fly
Rocinante is a new strain of mobile malware originating from Brazil, capable of keylogging, stealing PII through phishing, and performing device takeover. It targets Brazilian banking institutions using a combination of Firebase messaging, HTTP traffic, WebSocket, and Telegram API for communication…
Downloadable IOCs 4
Mekotio Banking Trojan Threatens Financial Systems in Latin America
The Mekotio banking trojan, active since 2015, primarily targets Latin American countries to steal sensitive banking credentials through phishing emails containing malicious links or attachments. Upon execution, it gathers system information, connects to a command-and-control server, and performs c…
Downloadable IOCs 15
Android Banking Malware Distributed via Google Play Store
Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…
Downloadable IOCs 4
Technical Analysis of Anatsa Campaigns: An Android Banking Malware Active in the Google Play Store
Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…
Downloadable IOCs 0
Grandoreiro banking trojan: overview of recent versions and new tricks
Grandoreiro is a Brazilian banking trojan that has evolved into a global financial threat, targeting over 1,700 banks and 276 crypto wallets in 45 countries. Despite law enforcement efforts, the malware remains active, with new versions featuring enhanced evasion techniques like multiple Domain Gen…
Downloadable IOCs 0
Expanding the Investigation: Deep Dive into Latest TrickMo Samples
This report delves into the analysis of 40 recent variants of the banking trojan TrickMo, uncovering novel capabilities like stealing unlock patterns/PINs and geolocating victims. It examines the malware's advanced features, including credential theft, data exfiltration, and command-and-control mec…
Downloadable IOCs 94
European Banks Already Under Attack by New Malware Variant
A new version of the Octo malware, named Octo2, has emerged as a significant threat to European banks. This variant builds upon the capabilities of its predecessor, which was already a dominant force in mobile malware. Octo2 features improved remote access capabilities, sophisticated obfuscation te…
Downloadable IOCs 0
A Network of Harm: Gigabud Threat and Its Associates
An investigation reveals a significant connection between Gigabud and Spynote malware families, targeting over 50 financial apps including banks and cryptocurrency platforms. The campaign utilizes sophisticated distribution methods, including 11 command and control servers and 79 phishing websites …
Downloadable IOCs 116
BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar
BlindEagle, an advanced persistent threat actor, has been observed targeting the Colombian insurance sector using the BlotchyQuasar Remote Access Trojan. The attack chain begins with phishing emails impersonating the Colombian tax authority, containing links to malware hosted on compromised Google …
Downloadable IOCs 16
The trojan horse that wanted to fly
Rocinante is a new strain of mobile malware originating from Brazil, capable of keylogging, stealing PII through phishing, and performing device takeover. It targets Brazilian banking institutions using a combination of Firebase messaging, HTTP traffic, WebSocket, and Telegram API for communication…
Downloadable IOCs 4
Mekotio Banking Trojan Threatens Financial Systems in Latin America
The Mekotio banking trojan, active since 2015, primarily targets Latin American countries to steal sensitive banking credentials through phishing emails containing malicious links or attachments. Upon execution, it gathers system information, connects to a command-and-control server, and performs c…
Downloadable IOCs 15
Android Banking Malware Distributed via Google Play Store
Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…
Downloadable IOCs 4
Technical Analysis of Anatsa Campaigns: An Android Banking Malware Active in the Google Play Store
Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…
Downloadable IOCs 0
Grandoreiro banking trojan: overview of recent versions and new tricks
Grandoreiro is a Brazilian banking trojan that has evolved into a global financial threat, targeting over 1,700 banks and 276 crypto wallets in 45 countries. Despite law enforcement efforts, the malware remains active, with new versions featuring enhanced evasion techniques like multiple Domain Gen…
Downloadable IOCs 0
Expanding the Investigation: Deep Dive into Latest TrickMo Samples
This report delves into the analysis of 40 recent variants of the banking trojan TrickMo, uncovering novel capabilities like stealing unlock patterns/PINs and geolocating victims. It examines the malware's advanced features, including credential theft, data exfiltration, and command-and-control mec…
Downloadable IOCs 94
European Banks Already Under Attack by New Malware Variant
A new version of the Octo malware, named Octo2, has emerged as a significant threat to European banks. This variant builds upon the capabilities of its predecessor, which was already a dominant force in mobile malware. Octo2 features improved remote access capabilities, sophisticated obfuscation te…
Downloadable IOCs 0
A Network of Harm: Gigabud Threat and Its Associates
An investigation reveals a significant connection between Gigabud and Spynote malware families, targeting over 50 financial apps including banks and cryptocurrency platforms. The campaign utilizes sophisticated distribution methods, including 11 command and control servers and 79 phishing websites …
Downloadable IOCs 116
BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar
BlindEagle, an advanced persistent threat actor, has been observed targeting the Colombian insurance sector using the BlotchyQuasar Remote Access Trojan. The attack chain begins with phishing emails impersonating the Colombian tax authority, containing links to malware hosted on compromised Google …
Downloadable IOCs 16
The trojan horse that wanted to fly
Rocinante is a new strain of mobile malware originating from Brazil, capable of keylogging, stealing PII through phishing, and performing device takeover. It targets Brazilian banking institutions using a combination of Firebase messaging, HTTP traffic, WebSocket, and Telegram API for communication…
Downloadable IOCs 4
Mekotio Banking Trojan Threatens Financial Systems in Latin America
The Mekotio banking trojan, active since 2015, primarily targets Latin American countries to steal sensitive banking credentials through phishing emails containing malicious links or attachments. Upon execution, it gathers system information, connects to a command-and-control server, and performs c…
Downloadable IOCs 15
Android Banking Malware Distributed via Google Play Store
Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…
Downloadable IOCs 4
Technical Analysis of Anatsa Campaigns: An Android Banking Malware Active in the Google Play Store
Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…
Downloadable IOCs 0
Grandoreiro banking trojan: overview of recent versions and new tricks
Grandoreiro is a Brazilian banking trojan that has evolved into a global financial threat, targeting over 1,700 banks and 276 crypto wallets in 45 countries. Despite law enforcement efforts, the malware remains active, with new versions featuring enhanced evasion techniques like multiple Domain Gen…
Downloadable IOCs 0
Expanding the Investigation: Deep Dive into Latest TrickMo Samples
This report delves into the analysis of 40 recent variants of the banking trojan TrickMo, uncovering novel capabilities like stealing unlock patterns/PINs and geolocating victims. It examines the malware's advanced features, including credential theft, data exfiltration, and command-and-control mec…
Downloadable IOCs 94
European Banks Already Under Attack by New Malware Variant
A new version of the Octo malware, named Octo2, has emerged as a significant threat to European banks. This variant builds upon the capabilities of its predecessor, which was already a dominant force in mobile malware. Octo2 features improved remote access capabilities, sophisticated obfuscation te…
Downloadable IOCs 0
A Network of Harm: Gigabud Threat and Its Associates
An investigation reveals a significant connection between Gigabud and Spynote malware families, targeting over 50 financial apps including banks and cryptocurrency platforms. The campaign utilizes sophisticated distribution methods, including 11 command and control servers and 79 phishing websites …
Downloadable IOCs 116
BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar
BlindEagle, an advanced persistent threat actor, has been observed targeting the Colombian insurance sector using the BlotchyQuasar Remote Access Trojan. The attack chain begins with phishing emails impersonating the Colombian tax authority, containing links to malware hosted on compromised Google …
Downloadable IOCs 16
The trojan horse that wanted to fly
Rocinante is a new strain of mobile malware originating from Brazil, capable of keylogging, stealing PII through phishing, and performing device takeover. It targets Brazilian banking institutions using a combination of Firebase messaging, HTTP traffic, WebSocket, and Telegram API for communication…
Downloadable IOCs 4
Mekotio Banking Trojan Threatens Financial Systems in Latin America
The Mekotio banking trojan, active since 2015, primarily targets Latin American countries to steal sensitive banking credentials through phishing emails containing malicious links or attachments. Upon execution, it gathers system information, connects to a command-and-control server, and performs c…
Downloadable IOCs 15
Android Banking Malware Distributed via Google Play Store
Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…
Downloadable IOCs 4
Technical Analysis of Anatsa Campaigns: An Android Banking Malware Active in the Google Play Store
Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…
Downloadable IOCs 0
Grandoreiro banking trojan: overview of recent versions and new tricks
Grandoreiro is a Brazilian banking trojan that has evolved into a global financial threat, targeting over 1,700 banks and 276 crypto wallets in 45 countries. Despite law enforcement efforts, the malware remains active, with new versions featuring enhanced evasion techniques like multiple Domain Gen…
Downloadable IOCs 0
Expanding the Investigation: Deep Dive into Latest TrickMo Samples
This report delves into the analysis of 40 recent variants of the banking trojan TrickMo, uncovering novel capabilities like stealing unlock patterns/PINs and geolocating victims. It examines the malware's advanced features, including credential theft, data exfiltration, and command-and-control mec…
Downloadable IOCs 94
European Banks Already Under Attack by New Malware Variant
A new version of the Octo malware, named Octo2, has emerged as a significant threat to European banks. This variant builds upon the capabilities of its predecessor, which was already a dominant force in mobile malware. Octo2 features improved remote access capabilities, sophisticated obfuscation te…
Downloadable IOCs 0
A Network of Harm: Gigabud Threat and Its Associates
An investigation reveals a significant connection between Gigabud and Spynote malware families, targeting over 50 financial apps including banks and cryptocurrency platforms. The campaign utilizes sophisticated distribution methods, including 11 command and control servers and 79 phishing websites …
Downloadable IOCs 116
BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar
BlindEagle, an advanced persistent threat actor, has been observed targeting the Colombian insurance sector using the BlotchyQuasar Remote Access Trojan. The attack chain begins with phishing emails impersonating the Colombian tax authority, containing links to malware hosted on compromised Google …
Downloadable IOCs 16
The trojan horse that wanted to fly
Rocinante is a new strain of mobile malware originating from Brazil, capable of keylogging, stealing PII through phishing, and performing device takeover. It targets Brazilian banking institutions using a combination of Firebase messaging, HTTP traffic, WebSocket, and Telegram API for communication…
Downloadable IOCs 4
Mekotio Banking Trojan Threatens Financial Systems in Latin America
The Mekotio banking trojan, active since 2015, primarily targets Latin American countries to steal sensitive banking credentials through phishing emails containing malicious links or attachments. Upon execution, it gathers system information, connects to a command-and-control server, and performs c…
Downloadable IOCs 15
Android Banking Malware Distributed via Google Play Store
Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…
Downloadable IOCs 4
Technical Analysis of Anatsa Campaigns: An Android Banking Malware Active in the Google Play Store
Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…
Downloadable IOCs 0
Grandoreiro banking trojan: overview of recent versions and new tricks
Grandoreiro is a Brazilian banking trojan that has evolved into a global financial threat, targeting over 1,700 banks and 276 crypto wallets in 45 countries. Despite law enforcement efforts, the malware remains active, with new versions featuring enhanced evasion techniques like multiple Domain Gen…
Downloadable IOCs 0
Expanding the Investigation: Deep Dive into Latest TrickMo Samples
This report delves into the analysis of 40 recent variants of the banking trojan TrickMo, uncovering novel capabilities like stealing unlock patterns/PINs and geolocating victims. It examines the malware's advanced features, including credential theft, data exfiltration, and command-and-control mec…
Downloadable IOCs 94
European Banks Already Under Attack by New Malware Variant
A new version of the Octo malware, named Octo2, has emerged as a significant threat to European banks. This variant builds upon the capabilities of its predecessor, which was already a dominant force in mobile malware. Octo2 features improved remote access capabilities, sophisticated obfuscation te…
Downloadable IOCs 0
A Network of Harm: Gigabud Threat and Its Associates
An investigation reveals a significant connection between Gigabud and Spynote malware families, targeting over 50 financial apps including banks and cryptocurrency platforms. The campaign utilizes sophisticated distribution methods, including 11 command and control servers and 79 phishing websites …
Downloadable IOCs 116
BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar
BlindEagle, an advanced persistent threat actor, has been observed targeting the Colombian insurance sector using the BlotchyQuasar Remote Access Trojan. The attack chain begins with phishing emails impersonating the Colombian tax authority, containing links to malware hosted on compromised Google …
Downloadable IOCs 16
The trojan horse that wanted to fly
Rocinante is a new strain of mobile malware originating from Brazil, capable of keylogging, stealing PII through phishing, and performing device takeover. It targets Brazilian banking institutions using a combination of Firebase messaging, HTTP traffic, WebSocket, and Telegram API for communication…
Downloadable IOCs 4
Mekotio Banking Trojan Threatens Financial Systems in Latin America
The Mekotio banking trojan, active since 2015, primarily targets Latin American countries to steal sensitive banking credentials through phishing emails containing malicious links or attachments. Upon execution, it gathers system information, connects to a command-and-control server, and performs c…
Downloadable IOCs 15
Android Banking Malware Distributed via Google Play Store
Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…
Downloadable IOCs 4
Technical Analysis of Anatsa Campaigns: An Android Banking Malware Active in the Google Play Store
Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…
Downloadable IOCs 0
Grandoreiro banking trojan: overview of recent versions and new tricks
Grandoreiro is a Brazilian banking trojan that has evolved into a global financial threat, targeting over 1,700 banks and 276 crypto wallets in 45 countries. Despite law enforcement efforts, the malware remains active, with new versions featuring enhanced evasion techniques like multiple Domain Gen…
Downloadable IOCs 0
Expanding the Investigation: Deep Dive into Latest TrickMo Samples
This report delves into the analysis of 40 recent variants of the banking trojan TrickMo, uncovering novel capabilities like stealing unlock patterns/PINs and geolocating victims. It examines the malware's advanced features, including credential theft, data exfiltration, and command-and-control mec…
Downloadable IOCs 94
European Banks Already Under Attack by New Malware Variant
A new version of the Octo malware, named Octo2, has emerged as a significant threat to European banks. This variant builds upon the capabilities of its predecessor, which was already a dominant force in mobile malware. Octo2 features improved remote access capabilities, sophisticated obfuscation te…
Downloadable IOCs 0
A Network of Harm: Gigabud Threat and Its Associates
An investigation reveals a significant connection between Gigabud and Spynote malware families, targeting over 50 financial apps including banks and cryptocurrency platforms. The campaign utilizes sophisticated distribution methods, including 11 command and control servers and 79 phishing websites …
Downloadable IOCs 116
BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar
BlindEagle, an advanced persistent threat actor, has been observed targeting the Colombian insurance sector using the BlotchyQuasar Remote Access Trojan. The attack chain begins with phishing emails impersonating the Colombian tax authority, containing links to malware hosted on compromised Google …
Downloadable IOCs 16
The trojan horse that wanted to fly
Rocinante is a new strain of mobile malware originating from Brazil, capable of keylogging, stealing PII through phishing, and performing device takeover. It targets Brazilian banking institutions using a combination of Firebase messaging, HTTP traffic, WebSocket, and Telegram API for communication…
Downloadable IOCs 4
Mekotio Banking Trojan Threatens Financial Systems in Latin America
The Mekotio banking trojan, active since 2015, primarily targets Latin American countries to steal sensitive banking credentials through phishing emails containing malicious links or attachments. Upon execution, it gathers system information, connects to a command-and-control server, and performs c…
Downloadable IOCs 15
Android Banking Malware Distributed via Google Play Store
Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…
Downloadable IOCs 4
Technical Analysis of Anatsa Campaigns: An Android Banking Malware Active in the Google Play Store
Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…
Downloadable IOCs 0
Grandoreiro banking trojan: overview of recent versions and new tricks
Grandoreiro is a Brazilian banking trojan that has evolved into a global financial threat, targeting over 1,700 banks and 276 crypto wallets in 45 countries. Despite law enforcement efforts, the malware remains active, with new versions featuring enhanced evasion techniques like multiple Domain Gen…
Downloadable IOCs 0
Expanding the Investigation: Deep Dive into Latest TrickMo Samples
This report delves into the analysis of 40 recent variants of the banking trojan TrickMo, uncovering novel capabilities like stealing unlock patterns/PINs and geolocating victims. It examines the malware's advanced features, including credential theft, data exfiltration, and command-and-control mec…
Downloadable IOCs 94
European Banks Already Under Attack by New Malware Variant
A new version of the Octo malware, named Octo2, has emerged as a significant threat to European banks. This variant builds upon the capabilities of its predecessor, which was already a dominant force in mobile malware. Octo2 features improved remote access capabilities, sophisticated obfuscation te…
Downloadable IOCs 0
A Network of Harm: Gigabud Threat and Its Associates
An investigation reveals a significant connection between Gigabud and Spynote malware families, targeting over 50 financial apps including banks and cryptocurrency platforms. The campaign utilizes sophisticated distribution methods, including 11 command and control servers and 79 phishing websites …
Downloadable IOCs 116
BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar
BlindEagle, an advanced persistent threat actor, has been observed targeting the Colombian insurance sector using the BlotchyQuasar Remote Access Trojan. The attack chain begins with phishing emails impersonating the Colombian tax authority, containing links to malware hosted on compromised Google …
Downloadable IOCs 16
The trojan horse that wanted to fly
Rocinante is a new strain of mobile malware originating from Brazil, capable of keylogging, stealing PII through phishing, and performing device takeover. It targets Brazilian banking institutions using a combination of Firebase messaging, HTTP traffic, WebSocket, and Telegram API for communication…
Downloadable IOCs 4
Mekotio Banking Trojan Threatens Financial Systems in Latin America
The Mekotio banking trojan, active since 2015, primarily targets Latin American countries to steal sensitive banking credentials through phishing emails containing malicious links or attachments. Upon execution, it gathers system information, connects to a command-and-control server, and performs c…
Downloadable IOCs 15
Android Banking Malware Distributed via Google Play Store
Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…
Downloadable IOCs 4
Technical Analysis of Anatsa Campaigns: An Android Banking Malware Active in the Google Play Store
Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…
Downloadable IOCs 0
Grandoreiro banking trojan: overview of recent versions and new tricks
Grandoreiro is a Brazilian banking trojan that has evolved into a global financial threat, targeting over 1,700 banks and 276 crypto wallets in 45 countries. Despite law enforcement efforts, the malware remains active, with new versions featuring enhanced evasion techniques like multiple Domain Gen…
Downloadable IOCs 0
Expanding the Investigation: Deep Dive into Latest TrickMo Samples
This report delves into the analysis of 40 recent variants of the banking trojan TrickMo, uncovering novel capabilities like stealing unlock patterns/PINs and geolocating victims. It examines the malware's advanced features, including credential theft, data exfiltration, and command-and-control mec…
Downloadable IOCs 94
European Banks Already Under Attack by New Malware Variant
A new version of the Octo malware, named Octo2, has emerged as a significant threat to European banks. This variant builds upon the capabilities of its predecessor, which was already a dominant force in mobile malware. Octo2 features improved remote access capabilities, sophisticated obfuscation te…
Downloadable IOCs 0
A Network of Harm: Gigabud Threat and Its Associates
An investigation reveals a significant connection between Gigabud and Spynote malware families, targeting over 50 financial apps including banks and cryptocurrency platforms. The campaign utilizes sophisticated distribution methods, including 11 command and control servers and 79 phishing websites …
Downloadable IOCs 116
BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar
BlindEagle, an advanced persistent threat actor, has been observed targeting the Colombian insurance sector using the BlotchyQuasar Remote Access Trojan. The attack chain begins with phishing emails impersonating the Colombian tax authority, containing links to malware hosted on compromised Google …
Downloadable IOCs 16
The trojan horse that wanted to fly
Rocinante is a new strain of mobile malware originating from Brazil, capable of keylogging, stealing PII through phishing, and performing device takeover. It targets Brazilian banking institutions using a combination of Firebase messaging, HTTP traffic, WebSocket, and Telegram API for communication…
Downloadable IOCs 4
Mekotio Banking Trojan Threatens Financial Systems in Latin America
The Mekotio banking trojan, active since 2015, primarily targets Latin American countries to steal sensitive banking credentials through phishing emails containing malicious links or attachments. Upon execution, it gathers system information, connects to a command-and-control server, and performs c…
Downloadable IOCs 15
Android Banking Malware Distributed via Google Play Store
Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…
Downloadable IOCs 4
Technical Analysis of Anatsa Campaigns: An Android Banking Malware Active in the Google Play Store
Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…
Downloadable IOCs 0