trojan

Beware of Greeks Bearing Mobile App Downloads

RSA has been made aware of a new malware attack campaign that targets end-users of online banking applications, which could enable fraudulent wire transactions from victims’ accounts. The attack relies on an Android-based SMS hijacker app that has been branded or “skinned” with RSA SecurID branding to make it appear more credible. This attack targets…

An APT Case Study

The RSA IR team deals with APT actors on a daily basis on networks of various sizes. Regardless of the size of the network, or the number of advanced actors we find in them, one thing is paramount to both us and our customers during investigations: the ability to quickly scope severity of the intrusion. …

Wolves Among Us: Abusing Trusted Providers for Malware Operations

Within the past year the RSA Incident Response (IR) team has worked multiple APT engagements where they’ve identified the adversary’s malware using a unique method of determining its Command and Control (C2) server. By leveraging trusted content providers, such as popular shopping sites and discussion forums, adversaries can perform operations within a network in plain…

RSA Uncovers New POS Malware Operation Stealing Payment Card & Personal Information

By Yotam Gottesman, Senior Security Researcher, RSA FirstWatch team
In a recent investigation, RSA researchers uncovered the server infrastructure used in a global Point-of-Sale (PoS) malware operation responsible for the electronic theft of payment card and personal data from several dozen retailers, mostly based in the U.S. Infection activity has also been detected in 10…

RSA Peeks into the Bits of New Linux-based Trojan Hand of Thief #INTH3WILD

By Yotam Gottesman, Senior Security Researcher, RSA FraudAction Research Labs
The Hand of Thief Trojan (or “HoT”) is commercial malware that was first released for sale in late July 2013 by an underground vendor in Russian-speaking cybercrime communities. Hand of Thief was named a banking Trojan by its developer, programmed to be a form grabber…

New Trojan #INTH3WILD: Is Cybercrime Ready to Crown a New “KINS”?

Was that a typo? What is a “KINS”? Well, it appears that KINS is the name of a new professional-grade banking Trojan that is very likely taking its first steps in the cybercrime underground and could be poised to infect new victims as quickly and effectively as its Zeus, SpyEye and Citadel predecessors. Some Cybercrime…

It’s Raining Zbot! New Variant Turns to Cloud for Strength #INTH3WILD

By Fielder, Senior Researcher, RSA FirstWatch Team
RSA FirstWatch has detected a new Zbot variant that utilizes multiple cloud services providers to strengthen their command and control ability. While malware in the cloud has been discussed and observed for years, what makes this variant of Zbot different is that it doesn’t behave like most variants…

New Commercial Trojan #INTH3WILD: Meet Beta Bot

By Limor S. Kessem, Cybercrime and Online Fraud Communications Specialist, RSA
It appears that a much anticipated event has finally transpired in the cybercrime arena, with the release and active sale of a new commercially-available Trojan family that has begun around January this year, circulating under the name Beta Bot. RSA researchers have recently come…

Got an Extra $40,000 Lying Around? Carberp is Back on the Market!

By Limor S Kessem, Cybercrime and Online Fraud Communications Specialist, RSA
Not two weeks after Citadel’s vendor and spokesperson got banned from the largest Russian-speaking cybercrime community, members from the Carberp Trojan team have resurfaced, scurrying to capture some of the underground limelight. In a surprising move that came about earlier this week, team Carberp…

Cyber Gang Seeks Botmasters to Wage Massive Wave of Trojan Attacks Against U.S. Banks

By Mor Ahuvia, Cybercrime Communications Specialist, RSA FraudAction™
In one of the most interesting cases of organized cybercrime this year, a cyber gang has recently communicated its plans to launch a Trojan attack spree on 30 American banks as part of a large-scale orchestrated crimeware campaign. Planned for this fall, the blitzkrieg-like series of Trojan…