Results for banking

Threat Research

Silence Group Playbook

Silence Group is a cybercriminal organization that targets banks, specifically stealing information used in the payment card industry. The aim of this playbook is to provide first responders with relevant, up-to-date analysis, samples, and indicators of compromise which should help security professionals better protect their infrastructures.

By FortiGuard SE Team, April 15, 2019

Threat Research

Deep Analysis of the Online Banking Botnet TrickBot

One month ago we captured a Word document infected with malicious VBA code, which was detected as WM/Agent!tr by the Fortinet AntiVirus service. Its file name is InternalFax.doc, and its MD5 is 4F2139E3961202B1DFEAE288AED5CB8F. By our analysis, the Word document was used to download and spread the botnet TrickBot. TrickBot aims at stealing online banking information from browsers when victims are visiting online banks. The targeted banks are from Australia, New Zealand, Germany, United Kingdom, Canada, United States, Israel, and...

By Xiaopeng Zhang, December 06, 2016

Threat Research

Android Malware Masquerades as Banking App, Part II

New variants of Android banking malware target even more German banks, popular social media apps, and more. Summary: In my previous blog I provided a detailed analysis of a new Android banking malware that spoofed the mobile applications of several large German banks to trick users into revealing their banking credentials. This week I found several new variants of this growing malware, and in this update I am sharing these new findings. Install the malware: One of these variants masquerades as another German mobile banking app. Once installed,...

By Kai Lu, November 18, 2016

Threat Research

Android banking malware masquerades as Flash Player, targeting large banks and popular social media apps

Active users of mobile banking apps should be aware of a new Android banking malware campaign targeting customers of large banks in the United States, Germany, France, Australia, Turkey, Poland, and Austria. This banking malware can steal login credentials from 94 different mobile banking apps. Due to its ability to intercept SMS communications, the malware is also able to bypass SMS-based two-factor authentication. It also contains modules to target some popular social media apps. Install the malware: The malware masquerades...

By Kai Lu, November 01, 2016

Industry Trends

A Tale of Shifu and its Attempt to Bypass FortiSandbox

Overview: Over the last few months, the Shifu banking Trojan has become more prevalent in the wild, and the malware family has been getting a fair amount of attention both from researchers and the mainstream media. There have been a number of discussions surrounding the malware family. We also became aware that this malware attempts to bypass our sandbox technology, FortiSandbox. In this post, we will share some of our findings on this new banking Trojan and also talk about how our technologies can support and address Shifu. Prevalence: While...

By Floser Bacurio, November 03, 2015

Industry Trends

Why Mr. Robot Still Works...And Why It's Sending A Timely Message

[Editor's Note: If you haven't yet watched the season finale of Mr. Robot, there are some spoilers here. It's not a recap and it won't ruin the whole episode, but you might want to watch it first before you keep reading.] Within the first four minutes of last night's Mr. Robot finale (postponed from last week because of sensitivity to the on-air shooting in Virginia), we saw a character whose life had been destroyed by the Ashley Madison data dump and heard how astoundingly difficult it is to prosecute computer...

By Chris Dawson, September 03, 2015