banking trojan

April 9, 2019

THREAT RESEARCH

Gustuff banking botnet targets Australia

Cisco Talos has uncovered a new Android-based campaign targeting Australian financial institutions. As the investigation progressed, Talos came to understand that this campaign was associated with the “ChristinaMorrow” text message spam scam previously spotted in Australia. Although this…

February 20, 2019

THREAT RESEARCH

Combing Through Brushaloader Amid Massive Detection Uptick

Nick Biasini and Edmund Brumaghin authored this blog post with contributions from Matthew Molyett. Executive Summary Over the past several months, Cisco Talos has been monitoring various malware distribution campaigns leveraging the malware loader Brushaloader to deliver malware payloads to systems…

November 8, 2018

THREAT RESEARCH

Metamorfo Banking Trojan Keeps Its Sights on Brazil

This blog post was authored by Edmund Brumaghin, Warren Mercer, Paul Rascagneres, and Vitor Ventura. Executive Summary Financially motivated cybercriminals have used banking trojans for years to steal sensitive financial information from victims. They are often created to gather credit card informat…

September 28, 2017

THREAT RESEARCH

Banking Trojan Attempts To Steal Brazillion$

This post was authored by Warren Mercer, Paul Rascagneres and Vanja Svajcer Introduction Banking trojans are among some of the biggest threats to everyday users as they directly impact the user in terms of financial loss. Talos recently observed a new campaign specific to South America, namely Brazi…

March 30, 2015

THREAT RESEARCH

Threat Spotlight: Dyre/Dyreza: An Analysis to Discover the DGA

This post was authored by Alex Chiu & Angel Villegas. Overview Banking and sensitive financial information is a highly coveted target for attackers because of the high value and obvious financial implications. In the past year, a large amount of attention has been centered on Point of Sale (PoS…

March 27, 2013

SECURITY

Thoughts on DarkSeoul: Data Sharing and Targeted Attackers

The attacks against South Korean media and banking organizations last week severely disrupted a handful of organizations with a coordinated distribution of “wiper” malware designed to destroy data on hard drives and render them unbootable. At 14:00 KST on March 20, 2013, the wiper was tr…