When you think you've seen it all, malware authors always find a way to impress you. Today's "that's clever!" moment comes courtesy of a criminal group that's been spreading a new version of the Zeus Panda banking trojan since June of this year.
Security researchers have spotted a new Android banking trojan named LokiBot that turns into ransomware and locks users' phones when they try to remove its admin privileges.
A new spam campaign is using malicious CHM files to download and install Brazilian banking Trojans.
A third banking trojan has added support for EternalBlue, an exploit supposedly created by the NSA, leaked online by the Shadow Brokers, and the main driving force behind the WannaCry and NotPetya ransomware outbreaks.
A malware group is using Facebook's CDN servers to store malicious files that it later uses to infect users with banking trojans.
The TrickBot banking trojan has added support for stealing funds stored in Coinbase.com accounts, according to a recent version spotted in a distribution campaign last week.
Ukrainian authorities and businesses are on alert after a local security firm reported that another accounting software maker got hacked and its servers were being used to spread malware.
Google has yet to remove two apps infected with dangerous malware that are currently still available for download via the official Google Play Store.
It was to be expected that Android banking trojan operators would eventually set their sights on ride-hailing applications, considering that these apps work with a user's financial data on a daily basis.
A new version of the Svpeng Android banking trojan has started claiming victims during the past month, and at the origin of this sudden surge in activity is a criminal selling a new and improved version of Svpeng on a Russian underground hacking forum.
MalwareTech — the security researcher who stopped the WannaCry ransomware outbreak — was arrested in Las Vegas on accusations of creating the Kronos banking trojan together with another person.
Security researchers have found malware inside the firmware of several low-cost Android smartphones, such as Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20.
Two banking trojans — Emotet and Trickbot — have added support for a self-spreading component to improve their chances of infecting other victims on the same network.
In July 2017, security researchers spotted a new version of the proficient Ursnif banking trojan that comes with a clever trick to avoid sandbox environments and automated virtual machines by using mouse movements to detect if a real user is interacting with the computer.
Several security researchers have spotted an increase in malware campaigns distributing the TrickBot banking trojan, going after a host of targets ranging from regular e-banking applications to PayPal accounts and business CRMs.
Last week, McAfee released a tool named AmIPinkC2, a Windows command-line application that removes remnant files of Pinkslipbot infections that allow the malware to continue to use previously infected computers as proxy relays, even if the original malware's binary has been cleaned and removed from infected hosts.
A recent surge in Android banking malware can be traced back to December 2016, when a malware coder under the name of Maza-in uploaded a tutorial on how to build Android malware on an underground hacking forum named Exploit.in.
If a large number of users are getting locked out of your organization's Active Directory domain, it is possible that some of them may have been infected with QakBot, a rare but very dangerous malware strain.