TrickBot: New Injects, New Host

What’s in the Name: Call it IcedID or TrickBot? Tell that to a security researcher (Arsh Arora in this case) and watch them RANT (Gar-note: today's blog post is a guest blog from ...
$100M ‘GozNym’ Bank Trojan Gang: 6 Arrested, 5 at Large

These five handsome specimens are wanted for alleged conspiracy to steal $100 million from bank accounts. Six others are in custody after a coordinated operation by European and U.S. law enforcement ...
Security Boulevard
We will walk through the script to find interesting patterns and deobfuscate the code.

Emotet: Catch Me If You Can (Part 2 of 3)

Emotet is a highly modular banking Trojan that has a proper decision tree-based algorithm to perform designated tasks. Due to Emotet’s capability to deliver obfuscated payloads and extend its capabilities through self-upgradable ...
BankBot Anubis Switches to Chinese and Adds Telegram for C2

We've recently noticed two significant changes in C2 tactics used by the threat actors behind BankBot Anubis, a mobile banking trojan. First is the use of Chinese characters to encode the C2 ...
Builder Android Bot Anubis 2

Android Malware Intercepts SMS 2FA: We have the Logs!

A couple years ago I was doing some phishing investigations training at the Police School in Santiago, Chile. One module in my training was called "Logs Don't Lie" which pointed out that ...
New Variant of BankBot Banking Trojan Ups Ante, Cashes Out on Android Users

A newly observed variant of BankBot has been discovered masquerading as Adobe Flash Player, Avito, and an HD Video Player. This variant, now detected by PhishLabs as BankBot Anubis, was first identified ...
Fancy Bear Cyberspies Hide Phishing Pages Behind Blogspot Links

Security researchers have identified a new phishing campaign launched by Russian cyberespionage group Fancy Bear that uses rogue blogspot.com URLs to bypass spam filters. These latest attacks were aimed at Bellingcat, a ...