Cleafy’s Threat Intelligence team has uncovered a new variant of the TrickMo Android banking Trojan. Initially classified as an unknown malware sample, deeper analysis revealed it as a TrickMo variant with some new anti-analysis features, making detection more difficult and posing a significant threat to mobile banking users.

TrickMo’s Evolution

TrickMo, first identified by CERT-Bund in 2019, has a long history of targeting Android devices to carry out financial fraud. It initially gained infamy for intercepting one-time passwords (OTPs) and other two-factor authentication (2FA) mechanisms, focusing on European banking applications, particularly in Germany. The Trojan evolved from the notorious TrickBot…
Author: ISB Staff Reporter
Cybersecurity firm Fortinet has confirmed that user data was stolen from its Microsoft SharePoint server and posted on a hacking forum earlier today, according to a report by BleepingComputer. The threat actor, known as “Fortibitch,” shared credentials to what is claimed to be an S3 bucket (an online file storage system), with a total of 440GB available for download. Despite an extortion attempt, Fortinet refused to comply with the demands. The company has already notified affected users, though it has not specified the exact data that was stolen. In a statement, Fortinet clarified: “An individual gained unauthorized access to a…
Cybersecurity experts at Doctor Web have uncovered a massive malware campaign targeting Android-based TV boxes. Dubbed Android.Vo1d, the newly discovered malware has infected nearly 1.3 million devices across 197 countries, making it one of the most widespread infections of its kind. The malware acts as a backdoor, allowing attackers to secretly install third-party software on compromised devices by manipulating system files. The infection was first detected in August 2024 when users contacted Doctor Web after noticing suspicious changes in their TV boxes. The problem occurred with these models: TV Box Model Declared Firmware Version R4 Android 7.1.2; R4…
A new cyber threat dubbed “DragonRank” is actively targeting countries across Asia and Europe. Discovered by Cisco Talos, the sophisticated campaign leverages malicious tools like PlugX and BadIIS to exploit web application services and manipulate SEO rankings. DragonRank primarily focuses on compromising Windows Internet Information Services (IIS) servers, with confirmed attacks in countries including Thailand, India, Korea, Belgium, the Netherlands, and China. The tool uses search engine optimization (SEO) manipulation to disrupt online visibility and rankings. Its authors exploit vulnerabilities in web applications to deploy web shells, which allow them to gain unauthorized access to compromised servers. From there, they…
A fresh wave of attacks tied to North Korea’s infamous Lazarus Group is targeting software developers through fraudulent job recruitment schemes. These attacks are part of the VMConnect campaign, first uncovered in August last year. Malicious actors pretend to be recruiters from top financial services firms, distributing malicious Python packages disguised as coding tests. These packages, which mimic legitimate developer tools, are designed to infiltrate and compromise developer systems. ReversingLabs researchers say the attackers were found using deceptive methods, including fake LinkedIn profiles, to trick developers into downloading and executing malicious code disguised as part of job interview materials. A…
Healthcare is no longer just about treating the sick; it’s about safeguarding their most personal information. Unfortunately, today, a slew of threats target this sector, including ransomware, phishing, API vulnerabilities, and the significant complexities of securing interconnected systems and supply chains. So said Nuno Loureiro in his opening remarks during yesterday’s Probely webinar, “Unveiling Hidden APIs and Securing Vulnerabilities in the Healthcare Sector.” The conversation opened with Errol Weiss from Health-ISAC, discussing the common threats and ongoing challenges in the healthcare sector. He said ransomware remains one of the most pressing threats in healthcare. With attackers leveraging social engineering techniques,…
New Attack Technique Using TDSSKiller and LaZagne Disables EDR

The RansomHub ransomware group has debuted a novel attack strategy, using a combination of tools to disable endpoint detection and response (EDR) systems and steal credentials. This is a change in its tactics, techniques, and procedures (TTPs), expanding its capabilities in the cybercrime landscape. Malwarebytes ThreatDown Managed Detection and Response (MDR) team recently uncovered this new method, which involves the use of two well-known tools: TDSSKiller, a legitimate rootkit removal utility developed by Kaspersky, and LaZagne, a credential-harvesting tool. While malicious actors have used both tools for years, this is the…
As governments, businesses, and organizations increasingly rely on digital systems, cyberattacks have become more systematic and widespread. These coordinated attacks can disrupt a country’s operations just as much as a physical offensive, making it crucial to understand their possible impact. With this in mind, researchers from vpnMentor examined cyber warfare incidents linked to four major geopolitical conflicts: Russia vs. Ukraine, North Korea vs. South Korea, Iran vs. Israel, and the United States vs. China. The team examined records of the most notable incidents between these countries up to the first half of this year. For the research, they only considered…
A significant data breach at the payment gateway provider SLIM CD has exposed over 1.7 million customers to the risk of identity theft and financial fraud. The breach, which took place between August 2023 and June 2024, compromised sensitive personal and credit card information. Based in Coral Springs, Florida, SLIM CD confirmed that unauthorized individuals infiltrated their network, potentially accessing data such as names, addresses, credit card numbers, and expiration dates. In a “Data Event” notice, the company did not reveal the specific method used in the attack, but experts speculate that phishing, malware, or social engineering tactics could have…
Almost 80 years ago, George Orwell coined the phrase “Big Brother is watching you” in his dystopian thriller, 1984. Even he couldn’t imagine the advances and capabilities in surveillance that are prevalent today. Geopolitical unrest and extremist ideology are a clear and present danger to the UK. This, combined with increasing rates of in-country criminal activity, has led to a closer partnership between government and the private sector to counter these challenges. These macro and micro trends have created a significant surveillance market in the UK, generating £18 billion in revenue in 2022, with forecast growth of 21% CAGR to…