Latest Banking Trojan news

Xenomorph Android malware now targets U.S. banks and crypto wallets

Security researchers discovered a new campaign that distributes a new version of the Xenomorph malware to Android users in the United States, Canada, Spain, Italy, Portugal, and Belgium.
- Bill Toulas
- September 25, 2023
- 11:16 AM
- 0
New Android MMRat malware uses Protobuf protocol to steal your data

A novel Android banking malware named MMRat utilizes a rarely used communication method, protobuf data serialization, to more efficiently steal data from compromised devices.
- Bill Toulas
- August 29, 2023
- 02:04 PM
- 0
Anatsa Android trojan now steals banking info from users in US, UK

A new mobile malware campaign since March 2023 pushes the Android banking trojan 'Anatsa' to online banking customers in the U.S., the U.K., Germany, Austria, and Switzerland.
- Bill Toulas
- June 26, 2023
- 01:21 PM
- 1
New Horabot campaign takes over victim's Gmail, Outlook accounts

A previously unknown campaign involving the Horabot botnet malware has targeted Spanish-speaking users in Latin America since at least November 2020, infecting them with a banking trojan and spam tool.
- Bill Toulas
- June 01, 2023
- 04:54 PM
- 1
Xenomorph Android malware now steals data from 400 banks

The Xenomorph Android malware has released a new version that adds significant capabilities to conduct malicious attacks, including a new automated transfer system (ATS) framework and the ability to steal credentials for 400 banks.
- Bill Toulas
- March 10, 2023
- 05:24 AM
- 0
Over 1,800 Android phishing forms for sale on cybercrime market

A threat actor named InTheBox is promoting on Russian cybercrime forums an inventory of 1,894 web injects (overlays of phishing windows) for stealing credentials and sensitive data from banking, cryptocurrency exchange, and e-commerce apps
- Bill Toulas
- February 01, 2023
- 05:30 PM
- 0
New 'Hook' Android malware lets hackers remotely control your phone

A new Android malware named 'Hook' is being sold by cybercriminals, boasting it can remotely take over mobile devices in real-time using VNC (virtual network computing).
- Bill Toulas
- January 19, 2023
- 06:30 PM
- 1
SpyNote Android malware infections surge after source code leak

The Android malware family tracked as SpyNote (or SpyMax) has had a sudden increase in detections in the final quarter of 2022, which is attributed to a source code leak of one of its latest variants, known as 'CypherRat.'
- Bill Toulas
- January 05, 2023
- 10:17 AM
- 0
GodFather Android malware targets 400 banks, crypto exchanges

An Android banking malware named 'Godfather' has been targeting users in 16 countries, attempting to steal account credentials for over 400 online banking sites and cryptocurrency exchanges.
- Bill Toulas
- December 21, 2022
- 03:00 AM
- 0
Android file manager apps infect thousands with Sharkbot malware

A new collection of malicious Android apps posing as harmless file managers had infiltrated the official Google Play app store, infecting users with the Sharkbot banking trojan.
- Bill Toulas
- November 22, 2022
- 11:04 AM
- 0
Android malware droppers with 130K installs found on Google Play

A set of Android malware droppers were found infiltrating the Google Play store to install malicious programs by pretending to be app updates.
- Bill Toulas
- October 28, 2022
- 06:00 AM
- 0
Drinik Android malware now targets users of 18 Indian banks

A new version of the Drinik Android banking trojan targets 18 Indian banks, masquerading as the country's official tax management app to steal victims' personal information and banking credentials.
- Bill Toulas
- October 27, 2022
- 01:10 PM
- 0
Ursnif malware switches from bank account theft to initial access

A new version of the Ursnif malware (a.k.a. Gozi) emerged as a generic backdoor, stripped of its typical banking trojan functionality.
- Bill Toulas
- October 20, 2022
- 04:00 PM
- 0
Hackers behind IcedID malware attacks diversify delivery tactics

The threat actors behind IcedID malware phishing campaigns are utilizing a wide variety of distribution methods, likely to determine what works best against different targets.
- Bill Toulas
- October 10, 2022
- 04:24 PM
- 0
Lampion malware returns in phishing attacks abusing WeTransfer

The Lampion malware is being distributed in greater volumes lately, with threat actors abusing WeTransfer as part of their phishing campaigns.
- Bill Toulas
- September 09, 2022
- 10:00 AM
- 0
Grandoreiro banking malware targets manufacturers in Spain, Mexico

The notorious 'Grandoreiro' banking trojan was spotted in recent attacks targeting employees of a chemicals manufacturer in Spain and workers of automotive and machinery makers in Mexico.
- Bill Toulas
- August 19, 2022
- 02:58 PM
- 0
Malware devs already bypassed Android 13's new security feature

Android malware developers are already adjusting their tactics to bypass a new 'Restricted settings' security feature introduced by Google in the newly released Android 13.
- Bill Toulas
- August 17, 2022
- 10:00 AM
- 2
SOVA malware adds ransomware feature to encrypt Android devices

The SOVA Android banking trojan continues to evolve with new features, code improvements, and the addition of a new ransomware feature that encrypts files on mobile devices.
- Bill Toulas
- August 13, 2022
- 10:12 AM
- 0
Android malware ‘Revive’ impersonates BBVA bank’s 2FA app

A new Android banking malware named Revive has been discovered that impersonates a 2FA application required to log into BBVA bank accounts in Spain.
- Bill Toulas
- June 27, 2022
- 02:30 PM
- 1
New MaliBot Android banking malware spreads as a crypto miner

Threat analysts have discovered a new Android malware strain named MaliBot, which poses as a cryptocurrency mining app or the Chrome web browser to target users in Italy and Spain.
- Bill Toulas
- June 16, 2022
- 03:43 PM
- 0