Tag: banking
-
Ransomware Gangs Leverage TrickBot Malware to Steal US $724 Million in Cryptocurrency
Ransomware affiliates associated with groups like Ryuk, Conti, and Diavol have increasingly relied on the modular TrickBot malware to facilitate sophisticated extortion campaigns, resulting in over US$724 million in cryptocurrency theft. Originally emerging in 2016 as a banking Trojan, TrickBot has transformed into a versatile malware platform that supports initial access, credential theft, and lateral…
-
Android Malware Targets Banking Users Through Discord Channels
The DoubleTrouble Android banking Trojan has evolved, using Discord for delivery and introducing several new features First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/android-malware-targets-banks-via/
-
New DoubleTrouble Banking Malware Targets Users Through Phishing Sites to Steal Credentials
Researchers at zLabs have been closely monitoring the DoubleTrouble banking trojan, a rapidly evolving malware strain that has shifted its tactics to exploit unsuspecting users across Europe. Initially disseminated via phishing websites mimicking reputable banks, the trojan has now adapted to more insidious distribution methods, including bogus sites hosting samples directly in Discord channels. This…
-
UNC2891 Hackers Breach ATMs Using Raspberry Pi Devices for Network Access
A Raspberry Pi device that was directly attached to an internal network switch was used by the financially motivated threat actor group UNC2891 to breach ATM networks in a sophisticated cyber campaign that targeted banking infrastructure. This embedded hardware, equipped with a 4G modem, facilitated remote access over mobile data, bypassing perimeter firewalls and establishing…
-
Coyote Trojan Turns Accessibility Into Attack Surface
Brazil-Targeting Malware Exploits Windows UIA to Evade Detection. A banking Trojan long confined to Brazil has become the first known malware to exploit Microsoft’s UI Automation framework to extract credentials, signaling a new tactic that may evade conventional detection. Akamai’s findings point to a growing trend of attackers using legitimate system features. First seen on…
-
Android Banking Malware Masquerades as Government Agencies to Attack Users
Tags: android, attack, banking, cyber, exploit, finance, government, intelligence, malware, phishingCyble Research and Intelligence Labs (CRIL) has uncovered a sophisticated Android banking trojan dubbed RedHook, which disguises itself as legitimate applications from Vietnamese government and financial institutions to deceive users. This malware, first observed in the wild around January 2025, exploits phishing websites mimicking entities like the State Bank of Vietnam, Sacombank, Central Power Corporation,…
-
How FinServ Firms Can Navigate Secure Open Finance in 2025 and Beyond
Banks Must Secure APIs, Vet Partners and Prepare for Open Finance Threats in 2025 Open finance is revolutionizing banking, but it’s also expanding the attack surface. Discover the critical API, data privacy and third-party risks facing financial institutions in 2025 – and how to build a secure future. First seen on govinfosecurity.com Jump to article:…
-
Cybercriminals Attack Seychelles Offshore Banking as a Target
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/cybercriminals-attack-seychelles-offshore-banking-as-a-target
-
Cybercriminals Attack Seychelles Offshore Banking as a Target
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/cybercriminals-attack-seychelles-offshore-banking-as-a-target
-
Cyble Uncovers RedHook Android Trojan Targeting Vietnamese Users
Cybersecurity researchers at Cyble Research and Intelligence Labs (CRIL) have uncovered a new Android banking trojan called RedHook that is actively targeting Vietnamese mobile users. The malware is distributed via carefully crafted phishing sites impersonating trusted financial and government agencies. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/redhook-android-banking-trojan-exploiting/
-
Coyote malware is first-ever malware abusing Windows UI Automation
Tags: automation, banking, credentials, crypto, exploit, finance, framework, malware, microsoft, windowsNew Coyote malware uses Windows UI Automation to steal banking credentials, targeting Brazilian users across 75 banks and crypto platforms. Coyote malware is now the first to exploit Microsoft’s UI Automation framework in the wild, validating prior warnings from Akamai researchers in December 2024. The UI Automation (UIA) framework is a Microsoft accessibility framework that…
-
Breach Roundup: Suspected XSS Cybercrime Forum Admin Arrested
Also: Clorox Sues IT Vendor Over Password Blunder. This week, XSS forum admin arrested, Clorox sued Cognizant, Lumma Stealer is back, NY regulates water, U.S. maritime cybersecurity rules in effect, new Coyote banking Trojan, a hacker nabbed details of Mexico City auxiliary police, Latin America cyberattacks, and World Leaks stole synthetic data. First seen on…
-
Banking Trojan Coyote Abuses Windows UI Automation
It’s the first known instance of malware that abuses the UIA framework and has enabled dozens of attacks against banks and crypto exchanges in Brazil. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/banking-trojan-coyote-windows-ui-automation
-
Akamai Identifies Coyote Malware Variant Capable of Compromising Microsoft UIA Framework
Akamai researchers today disclosed they have discovered a variant of Coyote malware that extracts specific banking and cryptocurrency exchanges by compromising the UI Automation (UIA) framework developed by Microsoft. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/akamai-identifis-coyote-malware-variant-capable-of-compromising-microsoft-uia-framework/
-
New Coyote Malware Variant Exploits Windows UI Automation to Steal Banking Credentials
The Windows banking trojan known as Coyote has become the first known malware strain to exploit the Windows accessibility framework called UI Automation (UIA) to harvest sensitive information.”The new Coyote variant is targeting Brazilian users, and uses UIA to extract credentials linked to 75 banking institutes’ web addresses and cryptocurrency exchanges,” Akamai security researcher Tomer…
-
Clive Palmer’s Trumpet of Patriots and United Australia parties hit with data breach
Data potentially compromised by the June ransomware attack includes banking records, contact details and employment historyThe political parties run by Australian mining magnate Clive Palmer have been hit with a ransomware attack, with banking records, employment history and other personal information potentially compromised.The Trumpet of Patriots, which ran <a href=”https://www.theguardian.com/australia-news/2025/may/04/clive-palmers-trumpet-of-patriots-fails-to-pick-up-single-lower-house-seat-despite-text-spam-and-ad-blitz”>but did not secure any seats…
-
OLG-Urteil: S-PushTAN für Transaktions-Authentifizierung unzureichend
Das von Sparkasse beim Online-Banking eingesetzte S-PushTAN-Verfahren ist für die Absicherung von Transaktionen unzureichend. Das hat das OLG-Dresden in einem Urteil festgestellt und einem Phishing-Opfer, welches grob fahrlässig handelte, einen Teil-Schadensersatz zugesprochen. Das S-PushTAN-Verfahren der Sparkassen Das S-PushTAN-Verfahren wird beim … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/07/16/olg-urteil-s-pushtan-fuer-transaktions-authentifizierung-unzureichend/
-
Verified, featured, and malicious: RedDirection campaign reveals browser marketplace failures
Browser hijacking and phishing risks: According to their research, the malicious code was embedded in each extension’s background service worker and used browser APIs to monitor tab activity. Captured data, including URLs and unique tracking IDs, was sent to attacker-controlled servers, which in turn provided redirect instructions.The setup enabled several attack scenarios, including redirection to…
-
Anatsa mobile malware returns to victimize North American bank customers
Android banking malware known as Anatsa was back for a brief but noticeable run in late June, researchers said. First seen on therecord.media Jump to article: therecord.media/anatsa-android-banking-malware-returns-north-america
-
New LogoKit Phishing Campaign Exploits Cloudflare Turnstile and Amazon S3 for Higher Success Rates
Cyble Research and Intelligence Labs (CRIL) recently discovered a very advanced phishing campaign that used the LogoKit phishing kit, which was initially discovered in 2021, to pose as reliable organizations such as Hungary’s Computer Emergency Response Team (HunCERT). This ongoing operation targets a diverse range of sectors, including banking and logistics, with a global reach…
-
Anatsa Android Banking Trojan Hits 90,000 Users with Fake PDF App on Google Play
Cybersecurity researchers have discovered an Android banking malware campaign that has leveraged a trojan named Anatsa to target users in North America using malicious apps published on Google’s official app marketplace.The malware, disguised as a “PDF Update” to a document viewer app, has been caught serving a deceptive overlay when users attempt to access their…
-
Android malware Anatsa infiltrates Google Play to target US banks
The Anatsa banking trojan has sneaked into Google Play once more via an app posing as a PDF viewer that counted more than 50,000 downloads. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/android-malware-anatsa-infiltrates-google-play-to-target-us-banks/
-
IT Worker arrested for selling access in $100M PIX cyber heist
Brazil arrests IT worker João Roque for aiding $100M PIX cyber heist, one of Brazil’s biggest banking system breaches. Brazilian police arrested João Roque (48), an IT employee at C&M, for allegedly aiding a cyberattack that stole over 540 million reais (~$100 million) via the PIX banking system. The company C&M links smaller banks to…
-
Malware Attacks on Android Devices Surge in Q2, Driven by Banking Trojans and Spyware
Dr.Web Security Space for mobile devices reported that malware activity on Android devices increased significantly in the second quarter of 2025. Adware trojans, particularly from the Android.HiddenAds family, remained the most prevalent threat, despite an 8.62% decrease in user encounters. These trojans often disguise themselves as harmless apps or hide within system directories, concealing their…
-
Qwizzserial Android Malware Masquerades as Legit Apps to Steal Banking Data and Intercept 2FA SMS
A new and alarming Android malware family, dubbed Qwizzserial, has emerged as a significant threat, particularly targeting users in Uzbekistan. Discovered by Group-IB in March 2024, this SMS stealer is designed to intercept two-factor authentication (2FA) codes and steal sensitive banking information, posing a severe risk to personal and financial security. Disguised as legitimate applications…
-
Malware Surge Hits Android: Adware, Trojans and Crypto Theft Lead Q2 Threats
Dr.Web reports Android malware surge in Q2 with adware, banking trojans and crypto theft hidden in fake apps, firmware and spyware targeting users. First seen on hackread.com Jump to article: hackread.com/android-malware-adware-trojan-crypto-theft-q2-threats/
-
YONO SBI Banking App Vulnerability Exposes Users to Manthe-Middle Attack
A critical security flaw has been discovered in the widely used YONO SBI: Banking & Lifestyle app, potentially exposing millions of users to man-in-the-middle (MITM) attacks and putting sensitive financial data at risk. The vulnerability, catalogued as CVE-2025-45080, affects version 1.23.36 of the app, which is developed by the State Bank of India (SBI) and…