Tag: banking trojan

Grandoreiro is a Brazilian banking trojan that has evolved into a global financial threat, targeting over 1,700 banks and 276 crypto wallets in 45 countries. Despite law enforcement efforts, the malware remains active, with new versions featuring enhanced evasion techniques like multiple Domain Gen…

Downloadable IOCs 0

This report delves into the analysis of 40 recent variants of the banking trojan TrickMo, uncovering novel capabilities like stealing unlock patterns/PINs and geolocating victims. It examines the malware's advanced features, including credential theft, data exfiltration, and command-and-control mec…

Downloadable IOCs 94

A new version of the Octo malware, named Octo2, has emerged as a significant threat to European banks. This variant builds upon the capabilities of its predecessor, which was already a dominant force in mobile malware. Octo2 features improved remote access capabilities, sophisticated obfuscation te…

Downloadable IOCs 0

An investigation reveals a significant connection between Gigabud and Spynote malware families, targeting over 50 financial apps including banks and cryptocurrency platforms. The campaign utilizes sophisticated distribution methods, including 11 command and control servers and 79 phishing websites …

Downloadable IOCs 116

BlindEagle, an advanced persistent threat actor, has been observed targeting the Colombian insurance sector using the BlotchyQuasar Remote Access Trojan. The attack chain begins with phishing emails impersonating the Colombian tax authority, containing links to malware hosted on compromised Google …

Downloadable IOCs 16

Rocinante is a new strain of mobile malware originating from Brazil, capable of keylogging, stealing PII through phishing, and performing device takeover. It targets Brazilian banking institutions using a combination of Firebase messaging, HTTP traffic, WebSocket, and Telegram API for communication…

Downloadable IOCs 4

The Mekotio banking trojan, active since 2015, primarily targets Latin American countries to steal sensitive banking credentials through phishing emails containing malicious links or attachments. Upon execution, it gathers system information, connects to a command-and-control server, and performs c…

Downloadable IOCs 15

Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…

Downloadable IOCs 4

Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…

Downloadable IOCs 0

Grandoreiro is a Brazilian banking trojan that has evolved into a global financial threat, targeting over 1,700 banks and 276 crypto wallets in 45 countries. Despite law enforcement efforts, the malware remains active, with new versions featuring enhanced evasion techniques like multiple Domain Gen…

Downloadable IOCs 0

This report delves into the analysis of 40 recent variants of the banking trojan TrickMo, uncovering novel capabilities like stealing unlock patterns/PINs and geolocating victims. It examines the malware's advanced features, including credential theft, data exfiltration, and command-and-control mec…

Downloadable IOCs 94

A new version of the Octo malware, named Octo2, has emerged as a significant threat to European banks. This variant builds upon the capabilities of its predecessor, which was already a dominant force in mobile malware. Octo2 features improved remote access capabilities, sophisticated obfuscation te…

Downloadable IOCs 0

An investigation reveals a significant connection between Gigabud and Spynote malware families, targeting over 50 financial apps including banks and cryptocurrency platforms. The campaign utilizes sophisticated distribution methods, including 11 command and control servers and 79 phishing websites …

Downloadable IOCs 116

BlindEagle, an advanced persistent threat actor, has been observed targeting the Colombian insurance sector using the BlotchyQuasar Remote Access Trojan. The attack chain begins with phishing emails impersonating the Colombian tax authority, containing links to malware hosted on compromised Google …

Downloadable IOCs 16

Rocinante is a new strain of mobile malware originating from Brazil, capable of keylogging, stealing PII through phishing, and performing device takeover. It targets Brazilian banking institutions using a combination of Firebase messaging, HTTP traffic, WebSocket, and Telegram API for communication…

Downloadable IOCs 4

The Mekotio banking trojan, active since 2015, primarily targets Latin American countries to steal sensitive banking credentials through phishing emails containing malicious links or attachments. Upon execution, it gathers system information, connects to a command-and-control server, and performs c…

Downloadable IOCs 15

Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…

Downloadable IOCs 4

Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…

Downloadable IOCs 0

Grandoreiro is a Brazilian banking trojan that has evolved into a global financial threat, targeting over 1,700 banks and 276 crypto wallets in 45 countries. Despite law enforcement efforts, the malware remains active, with new versions featuring enhanced evasion techniques like multiple Domain Gen…

Downloadable IOCs 0

This report delves into the analysis of 40 recent variants of the banking trojan TrickMo, uncovering novel capabilities like stealing unlock patterns/PINs and geolocating victims. It examines the malware's advanced features, including credential theft, data exfiltration, and command-and-control mec…

Downloadable IOCs 94

A new version of the Octo malware, named Octo2, has emerged as a significant threat to European banks. This variant builds upon the capabilities of its predecessor, which was already a dominant force in mobile malware. Octo2 features improved remote access capabilities, sophisticated obfuscation te…

Downloadable IOCs 0

An investigation reveals a significant connection between Gigabud and Spynote malware families, targeting over 50 financial apps including banks and cryptocurrency platforms. The campaign utilizes sophisticated distribution methods, including 11 command and control servers and 79 phishing websites …

Downloadable IOCs 116

BlindEagle, an advanced persistent threat actor, has been observed targeting the Colombian insurance sector using the BlotchyQuasar Remote Access Trojan. The attack chain begins with phishing emails impersonating the Colombian tax authority, containing links to malware hosted on compromised Google …

Downloadable IOCs 16

Rocinante is a new strain of mobile malware originating from Brazil, capable of keylogging, stealing PII through phishing, and performing device takeover. It targets Brazilian banking institutions using a combination of Firebase messaging, HTTP traffic, WebSocket, and Telegram API for communication…

Downloadable IOCs 4

The Mekotio banking trojan, active since 2015, primarily targets Latin American countries to steal sensitive banking credentials through phishing emails containing malicious links or attachments. Upon execution, it gathers system information, connects to a command-and-control server, and performs c…

Downloadable IOCs 15

Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…

Downloadable IOCs 4

Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…

Downloadable IOCs 0

Grandoreiro is a Brazilian banking trojan that has evolved into a global financial threat, targeting over 1,700 banks and 276 crypto wallets in 45 countries. Despite law enforcement efforts, the malware remains active, with new versions featuring enhanced evasion techniques like multiple Domain Gen…

Downloadable IOCs 0

This report delves into the analysis of 40 recent variants of the banking trojan TrickMo, uncovering novel capabilities like stealing unlock patterns/PINs and geolocating victims. It examines the malware's advanced features, including credential theft, data exfiltration, and command-and-control mec…

Downloadable IOCs 94

A new version of the Octo malware, named Octo2, has emerged as a significant threat to European banks. This variant builds upon the capabilities of its predecessor, which was already a dominant force in mobile malware. Octo2 features improved remote access capabilities, sophisticated obfuscation te…

Downloadable IOCs 0

An investigation reveals a significant connection between Gigabud and Spynote malware families, targeting over 50 financial apps including banks and cryptocurrency platforms. The campaign utilizes sophisticated distribution methods, including 11 command and control servers and 79 phishing websites …

Downloadable IOCs 116

BlindEagle, an advanced persistent threat actor, has been observed targeting the Colombian insurance sector using the BlotchyQuasar Remote Access Trojan. The attack chain begins with phishing emails impersonating the Colombian tax authority, containing links to malware hosted on compromised Google …

Downloadable IOCs 16

Rocinante is a new strain of mobile malware originating from Brazil, capable of keylogging, stealing PII through phishing, and performing device takeover. It targets Brazilian banking institutions using a combination of Firebase messaging, HTTP traffic, WebSocket, and Telegram API for communication…

Downloadable IOCs 4

The Mekotio banking trojan, active since 2015, primarily targets Latin American countries to steal sensitive banking credentials through phishing emails containing malicious links or attachments. Upon execution, it gathers system information, connects to a command-and-control server, and performs c…

Downloadable IOCs 15

Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…

Downloadable IOCs 4

Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…

Downloadable IOCs 0

Grandoreiro is a Brazilian banking trojan that has evolved into a global financial threat, targeting over 1,700 banks and 276 crypto wallets in 45 countries. Despite law enforcement efforts, the malware remains active, with new versions featuring enhanced evasion techniques like multiple Domain Gen…

Downloadable IOCs 0

This report delves into the analysis of 40 recent variants of the banking trojan TrickMo, uncovering novel capabilities like stealing unlock patterns/PINs and geolocating victims. It examines the malware's advanced features, including credential theft, data exfiltration, and command-and-control mec…

Downloadable IOCs 94

A new version of the Octo malware, named Octo2, has emerged as a significant threat to European banks. This variant builds upon the capabilities of its predecessor, which was already a dominant force in mobile malware. Octo2 features improved remote access capabilities, sophisticated obfuscation te…

Downloadable IOCs 0

An investigation reveals a significant connection between Gigabud and Spynote malware families, targeting over 50 financial apps including banks and cryptocurrency platforms. The campaign utilizes sophisticated distribution methods, including 11 command and control servers and 79 phishing websites …

Downloadable IOCs 116

BlindEagle, an advanced persistent threat actor, has been observed targeting the Colombian insurance sector using the BlotchyQuasar Remote Access Trojan. The attack chain begins with phishing emails impersonating the Colombian tax authority, containing links to malware hosted on compromised Google …

Downloadable IOCs 16

Rocinante is a new strain of mobile malware originating from Brazil, capable of keylogging, stealing PII through phishing, and performing device takeover. It targets Brazilian banking institutions using a combination of Firebase messaging, HTTP traffic, WebSocket, and Telegram API for communication…

Downloadable IOCs 4

The Mekotio banking trojan, active since 2015, primarily targets Latin American countries to steal sensitive banking credentials through phishing emails containing malicious links or attachments. Upon execution, it gathers system information, connects to a command-and-control server, and performs c…

Downloadable IOCs 15

Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…

Downloadable IOCs 4

Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…

Downloadable IOCs 0

Grandoreiro is a Brazilian banking trojan that has evolved into a global financial threat, targeting over 1,700 banks and 276 crypto wallets in 45 countries. Despite law enforcement efforts, the malware remains active, with new versions featuring enhanced evasion techniques like multiple Domain Gen…

Downloadable IOCs 0

This report delves into the analysis of 40 recent variants of the banking trojan TrickMo, uncovering novel capabilities like stealing unlock patterns/PINs and geolocating victims. It examines the malware's advanced features, including credential theft, data exfiltration, and command-and-control mec…

Downloadable IOCs 94

A new version of the Octo malware, named Octo2, has emerged as a significant threat to European banks. This variant builds upon the capabilities of its predecessor, which was already a dominant force in mobile malware. Octo2 features improved remote access capabilities, sophisticated obfuscation te…

Downloadable IOCs 0

An investigation reveals a significant connection between Gigabud and Spynote malware families, targeting over 50 financial apps including banks and cryptocurrency platforms. The campaign utilizes sophisticated distribution methods, including 11 command and control servers and 79 phishing websites …

Downloadable IOCs 116

BlindEagle, an advanced persistent threat actor, has been observed targeting the Colombian insurance sector using the BlotchyQuasar Remote Access Trojan. The attack chain begins with phishing emails impersonating the Colombian tax authority, containing links to malware hosted on compromised Google …

Downloadable IOCs 16

Rocinante is a new strain of mobile malware originating from Brazil, capable of keylogging, stealing PII through phishing, and performing device takeover. It targets Brazilian banking institutions using a combination of Firebase messaging, HTTP traffic, WebSocket, and Telegram API for communication…

Downloadable IOCs 4

The Mekotio banking trojan, active since 2015, primarily targets Latin American countries to steal sensitive banking credentials through phishing emails containing malicious links or attachments. Upon execution, it gathers system information, connects to a command-and-control server, and performs c…

Downloadable IOCs 15

Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…

Downloadable IOCs 4

Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…

Downloadable IOCs 0

Grandoreiro is a Brazilian banking trojan that has evolved into a global financial threat, targeting over 1,700 banks and 276 crypto wallets in 45 countries. Despite law enforcement efforts, the malware remains active, with new versions featuring enhanced evasion techniques like multiple Domain Gen…

Downloadable IOCs 0

This report delves into the analysis of 40 recent variants of the banking trojan TrickMo, uncovering novel capabilities like stealing unlock patterns/PINs and geolocating victims. It examines the malware's advanced features, including credential theft, data exfiltration, and command-and-control mec…

Downloadable IOCs 94

A new version of the Octo malware, named Octo2, has emerged as a significant threat to European banks. This variant builds upon the capabilities of its predecessor, which was already a dominant force in mobile malware. Octo2 features improved remote access capabilities, sophisticated obfuscation te…

Downloadable IOCs 0

An investigation reveals a significant connection between Gigabud and Spynote malware families, targeting over 50 financial apps including banks and cryptocurrency platforms. The campaign utilizes sophisticated distribution methods, including 11 command and control servers and 79 phishing websites …

Downloadable IOCs 116

BlindEagle, an advanced persistent threat actor, has been observed targeting the Colombian insurance sector using the BlotchyQuasar Remote Access Trojan. The attack chain begins with phishing emails impersonating the Colombian tax authority, containing links to malware hosted on compromised Google …

Downloadable IOCs 16

Rocinante is a new strain of mobile malware originating from Brazil, capable of keylogging, stealing PII through phishing, and performing device takeover. It targets Brazilian banking institutions using a combination of Firebase messaging, HTTP traffic, WebSocket, and Telegram API for communication…

Downloadable IOCs 4

The Mekotio banking trojan, active since 2015, primarily targets Latin American countries to steal sensitive banking credentials through phishing emails containing malicious links or attachments. Upon execution, it gathers system information, connects to a command-and-control server, and performs c…

Downloadable IOCs 15

Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…

Downloadable IOCs 4

Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…

Downloadable IOCs 0

Grandoreiro is a Brazilian banking trojan that has evolved into a global financial threat, targeting over 1,700 banks and 276 crypto wallets in 45 countries. Despite law enforcement efforts, the malware remains active, with new versions featuring enhanced evasion techniques like multiple Domain Gen…

Downloadable IOCs 0

This report delves into the analysis of 40 recent variants of the banking trojan TrickMo, uncovering novel capabilities like stealing unlock patterns/PINs and geolocating victims. It examines the malware's advanced features, including credential theft, data exfiltration, and command-and-control mec…

Downloadable IOCs 94

A new version of the Octo malware, named Octo2, has emerged as a significant threat to European banks. This variant builds upon the capabilities of its predecessor, which was already a dominant force in mobile malware. Octo2 features improved remote access capabilities, sophisticated obfuscation te…

Downloadable IOCs 0

An investigation reveals a significant connection between Gigabud and Spynote malware families, targeting over 50 financial apps including banks and cryptocurrency platforms. The campaign utilizes sophisticated distribution methods, including 11 command and control servers and 79 phishing websites …

Downloadable IOCs 116

BlindEagle, an advanced persistent threat actor, has been observed targeting the Colombian insurance sector using the BlotchyQuasar Remote Access Trojan. The attack chain begins with phishing emails impersonating the Colombian tax authority, containing links to malware hosted on compromised Google …

Downloadable IOCs 16

Rocinante is a new strain of mobile malware originating from Brazil, capable of keylogging, stealing PII through phishing, and performing device takeover. It targets Brazilian banking institutions using a combination of Firebase messaging, HTTP traffic, WebSocket, and Telegram API for communication…

Downloadable IOCs 4

The Mekotio banking trojan, active since 2015, primarily targets Latin American countries to steal sensitive banking credentials through phishing emails containing malicious links or attachments. Upon execution, it gathers system information, connects to a command-and-control server, and performs c…

Downloadable IOCs 15

Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…

Downloadable IOCs 4

Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…

Downloadable IOCs 0

Grandoreiro is a Brazilian banking trojan that has evolved into a global financial threat, targeting over 1,700 banks and 276 crypto wallets in 45 countries. Despite law enforcement efforts, the malware remains active, with new versions featuring enhanced evasion techniques like multiple Domain Gen…

Downloadable IOCs 0

This report delves into the analysis of 40 recent variants of the banking trojan TrickMo, uncovering novel capabilities like stealing unlock patterns/PINs and geolocating victims. It examines the malware's advanced features, including credential theft, data exfiltration, and command-and-control mec…

Downloadable IOCs 94

A new version of the Octo malware, named Octo2, has emerged as a significant threat to European banks. This variant builds upon the capabilities of its predecessor, which was already a dominant force in mobile malware. Octo2 features improved remote access capabilities, sophisticated obfuscation te…

Downloadable IOCs 0

An investigation reveals a significant connection between Gigabud and Spynote malware families, targeting over 50 financial apps including banks and cryptocurrency platforms. The campaign utilizes sophisticated distribution methods, including 11 command and control servers and 79 phishing websites …

Downloadable IOCs 116

BlindEagle, an advanced persistent threat actor, has been observed targeting the Colombian insurance sector using the BlotchyQuasar Remote Access Trojan. The attack chain begins with phishing emails impersonating the Colombian tax authority, containing links to malware hosted on compromised Google …

Downloadable IOCs 16

Rocinante is a new strain of mobile malware originating from Brazil, capable of keylogging, stealing PII through phishing, and performing device takeover. It targets Brazilian banking institutions using a combination of Firebase messaging, HTTP traffic, WebSocket, and Telegram API for communication…

Downloadable IOCs 4

The Mekotio banking trojan, active since 2015, primarily targets Latin American countries to steal sensitive banking credentials through phishing emails containing malicious links or attachments. Upon execution, it gathers system information, connects to a command-and-control server, and performs c…

Downloadable IOCs 15

Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…

Downloadable IOCs 4

Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anats…

Downloadable IOCs 0