Tag: banking
-
Per Virtualisierung: Gefährliche Android-Malware stiehlt Daten aus Banking-Apps
Eine Malware namens Godfather hat es auf fast 500 verschiedene Banking- und Krypto-Apps abgesehen. Virtualisierung sorgt für die perfekte Tarnung. First seen on golem.de Jump to article: www.golem.de/news/per-virtualisierung-gefaehrliche-android-malware-stiehlt-daten-aus-banking-apps-2506-197317.html
-
GodFather Android Malware Uses On-Device Virtualization to Hijack Legitimate Banking Apps
Zimperium zLabs has uncovered a highly advanced iteration of the GodFather Android banking malware, which employs a groundbreaking on-device virtualization technique to compromise legitimate mobile banking and cryptocurrency applications. Unlike traditional overlay attacks that merely mimic login screens, this malware creates a fully isolated virtual environment on the victim’s device, enabling attackers to monitor and…
-
Godfather Android malware now uses virtualization to hijack banking apps
A new version of the Android malware “Godfather” creates isolated virtual environments on mobile devices to steal account data and transactions from legitimate banking apps. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/godfather-android-malware-now-uses-virtualization-to-hijack-banking-apps/
-
UBS Employee Data Reportedly Exposed in Third Party Attack
Banking giant UBS revealed it had suffered a data breach following a cyber-attack on procurement service provider Chain IQ First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ubs-employee-data-exposed-third/
-
Securing the Future Together: Why Thales and HPE are the Partners You Can Trust
Tags: access, ai, application-security, banking, business, cloud, compliance, computing, control, cryptography, cyber, cyberattack, data, dora, encryption, GDPR, government, Hardware, healthcare, infrastructure, network, nis-2, PCI, resilience, risk, service, software, strategy, threatSecuring the Future Together: Why Thales and HPE are the Partners You Can Trust madhav Tue, 06/17/2025 – 05:15 Across every industry, data drives decisions, innovation, and growth. As organizations modernize with hybrid cloud and AI, the risks to that data scale are just as fast. From sophisticated cyberattacks to increasingly stringent compliance demands, the…
-
‘We’re being attacked all the time’: how UK banks stop hackers
Devastating attacks at M&S, the Co-op and Harrods highlight risks as lenders say cybersecurity is biggest expenseIt is every bank boss’s worst nightmare: a panicked phone call informs them a cyber-attack has crippled the IT system, rapidly unleashing chaos across the entire UK financial industry.As household names in other industries, including Marks & Spencer, grapple…
-
Banking groups urge SEC to rescind Biden-era cybersecurity rule
The rule has exposed companies to liability risks while failing to provide investors with;“decision-useful” information, the coalition said in a recent letter. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/banking-groups-urge-sec-rescind-breach-reporting-rule/749928/
-
UAE Central Bank Tells FIs to Drop SMS, OTP Authentication
Banking Sector Faces Challenges in Meeting March 2026 Compliance Deadline. The Central Bank of UAE has issued a directive asking financial institutions to eliminate weak authentication methods including SMS and email OTPs. Banks are also expected to implement real-time fraud monitoring and suspend sessions when malicious activity is detected. First seen on govinfosecurity.com Jump to…
-
File security best practices in banking: Protecting digital assets in a complex threat landscape
First seen on scworld.com Jump to article: www.scworld.com/resource/file-security-best-practices-in-banking-protecting-digital-assets-in-a-complex-threat-landscape
-
DCRat Targets Latin American Users to Steal Banking Credentials
IBM X-Force has uncovered a series of targeted email campaigns orchestrated by Hive0131, a financially motivated threat group likely originating from South America. Observed in early May 2025, these campaigns specifically target users in Colombia, masquerading as official notifications from The Judiciary of Colombia, particularly the Civil Circuit of Bogota. The attacks aim to deliver…
-
New Crocodilus Malware Grants Full Control Over Android Devices
The Mobile Threat Intelligence (MTI) team identified a formidable new player in the mobile malware landscape: Crocodilus, an Android banking Trojan designed for device takeover. Initially observed in test campaigns with limited live instances, this malware has rapidly evolved, demonstrating a surge in active campaigns and sophisticated development. A Rising Threat in the Android Ecosystem…
-
Android banking trojan Crocodilus rapidly evolves and goes global
A new Android banking trojan called Crocodilus is being used in a growing number of campaigns targeting users in Europe and South America. Crocodilus is a recently discovered Android banking trojan that is quickly gaining ground. What began as small test campaigns has now grown into full-blown attacks targeting users across Europe and South America.…
-
Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets
A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America.The malware, according to a new report published by ThreatFabric, has also adopted improved obfuscation techniques to hinder analysis and detection, and includes the ability to create new contacts in the victim’s…
-
Bankers Association’s attack on cybersecurity transparency
A coalition of banking industry associations, including SIFA, the American Bankers Association (ABA), Bank Policy Institute (BPI), and several other lobbying groups have made … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/03/bankers-association-attack-on-cybersecurity-transparency/
-
Top Cloud Vulnerabilities in Fintech and How to Fix Them
Tags: banking, cloud, computing, cyber, finance, fintech, international, mobile, service, technology, threat, vulnerabilityFor financial technology (FinTech) organizations, cloud security is both a top priority and a significant concern, as highlighted by a study conducted by McKinsey and the Institute of International Finance (IIF). FinTech companies increasingly rely on cloud computing to power services such as mobile banking, digital payments, and investment platforms. However, as cyber threats grow……
-
US Banks Urge SEC to Repeal Cyber Disclosure Rule
Five major banking associations in the US claim the new SEC cyber incident disclosure rule puts a strain on their resources First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/us-banks-sec-repeal-cyber/
-
Zanubis Android Malware Harvests Banking Credentials and Executes Remote Commands
The Zanubis Android banking Trojan has evolved into a highly sophisticated threat, initially targeting financial institutions in Peru before expanding its scope to virtual cards and cryptocurrency wallets. This malware, known for impersonating legitimate Peruvian Android apps, tricks users into granting accessibility permissions, thereby enabling extensive data theft and remote control capabilities. Evolution of a…
-
Your Mobile Apps May Not Be as Secure as You Think”¦ FireTail Blog
Tags: access, ai, android, api, authentication, banking, best-practice, cloud, control, cyber, cybersecurity, data, encryption, finance, leak, mobile, password, phone, risk, threat, vulnerabilityMay 28, 2025 – Lina Romero – Your Mobile Apps May Not Be as Secure as You Think”¦ Excerpt: Cybersecurity risks are too close for comfort. Recent data from the Global Mobile Threat Report reveals that our mobile phone applications are most likely exposing our data due to insecure practices such as API key hardcoding.…
-
Remote purchase fraud surges 14%, says banking industry
Brits lost over £1bn to payment fraud in its many forms last year, according to the latest banking industry numbers First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366624880/Remote-purchase-fraud-surges-14-says-banking-industry
-
Revocation of SEC cyber disclosure rule sought by banking groups
First seen on scworld.com Jump to article: www.scworld.com/brief/revocation-of-sec-cyber-disclosure-rule-sought-by-banking-groups
-
New Android Malware GhostSpy Grants Attackers Full Control Over Infected Devices
A chilling new Android malware, dubbed GhostSpy, has emerged as a significant threat to mobile security, according to a detailed report by CYFIRMA. This high-risk malware employs advanced evasion, persistence, and surveillance techniques to seize complete control over infected devices. With capabilities ranging from keylogging to bypassing banking app protections, GhostSpy poses a severe risk…
-
U.S. Banking Associations Petition SEC to Rescind Cyber Breach Reporting Mandate
Five major banking associations have formally petitioned the U.S. Securities and Exchange Commission (SEC) to repeal a rule that mandates public companies to disclose material cybersecurity incidents within four business days. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/banks-urge-sec-to-end-cyber-disclosure-mandate/
-
Operation Endgame 2.0: DanaBusted
Tags: access, attack, backup, banking, breach, business, cloud, communications, control, crypto, cybercrime, data, defense, detection, email, espionage, firewall, fraud, government, group, Hardware, infection, intelligence, international, law, malicious, malware, middle-east, network, programming, ransomware, russia, service, supply-chain, switch, threat, tool, ukraine, update, windowsIntroductionOn May 22, 2025, international law enforcement agencies released information about additional actions that were taken in conjunction with Operation Endgame, an ongoing, coordinated effort to dismantle and prosecute cybercriminal organizations, including those behind DanaBot. This action mirrors the original Operation Endgame, launched in May 2024, which disrupted SmokeLoader, IcedID, SystemBC, Pikabot, and Bumblebee. Zscaler…
-
Operation Endgame Crushes DanaBot Malware, Shuts Down 150 C2 Servers and Halts 1,000 Daily Attacks
Operation Endgame II has delivered a devastating strike against DanaBot, a notorious malware that has plagued systems since its emergence in 2018. Initially designed as a banking trojan targeting financial credentials, DanaBot evolved into a multi-purpose threat, facilitating information theft and enabling secondary attacks like ransomware through payloads such as Latrodectus. At its peak in…
-
Securing Open Banking: How Fintechs Can Defend Against Automated Fraud API Abuse
Open Banking is accelerating innovation, and fraud”, with API abuse, credential stuffing, and fake account creation now among the top threats fintechs must defend against in real time. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/securing-open-banking-how-fintechs-can-defend-against-automated-fraud-api-abuse/
-
CTM360 maps out real-time phishing infrastructure targeting corporate banking worldwide
A phishing operation that targets corporate banking accounts across the globe has been analyzed in a new report by CTM360. The campaign uses fake Google ads, advanced … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/19/ctm360-cyberheist-phish-report/
-
Threat Actors Leverage Weaponized HTML Files to Deliver Horabot Malware
A recent discovery by FortiGuard Labs has unveiled a cunning phishing campaign orchestrated by threat actors deploying Horabot malware, predominantly targeting Spanish-speaking users in Latin America. This high-severity threat, detailed in the 2025 Global Threat Landscape Report, exploits malicious HTML files embedded in phishing emails to steal sensitive information, including email credentials and banking data,…