banking Trojan

Android malware that combines a Banking Trojan, Keylogger, and Ransomware in one package

  • 67
 August 17, 2018

Estimated reading time: 8 minutes

This malware has all basic functionalities of the Android banker along with additional features like call forwarding, sound recording, keylogging and ransomware activities. It has the ability to launch user’s browser with URL received from the C&C server. It repeatedly opens the accessibility setting page until the user switches ON the ‘AccessibilityService’. The...

IcedID – a new sophisticated banking Trojan: a technical analysis by Quick Heal Security Labs

  • 2
 November 29, 2017

Estimated reading time: 4 minutes

IcedID is a new player in the banking Trojan family. It has a modular architecture and capable of stealing banking credentials of the user by performing a man-in-the-middle attack (MITM). IcedID sets up a local proxy and redirects all Internet traffic through it. Additionally, it can download and execute components...

Just hovering your computer mouse over a hyperlink can get your computer infected

  • 96
 June 21, 2017

Estimated reading time: 3 minutes

In a new kind of attack, cybercriminals are infecting computers with a banking Trojan simply by fooling users into hovering over a link embedded in a malicious PowerPoint file. Attackers are sending malicious PowerPoint Show (PPS) or Open XML Slide Show (PPSX) to users via spam emails. These files only...

Beware! The TrickBot Trojan is back

  • 31
 June 16, 2017

Estimated reading time: 3 minutes

TrickBot Trojan was first identified in mid-2016 and considered similar to the Dyreza banking Trojan. Initially, the payload (the component of a computer virus that executes a malicious activity) was spreading through a malvertising campaign using the Rig Exploit Kit. From our current findings, we have found that TrickBot has...

Banking malware, Dridex bounces back through PDF

  • 4
 May 10, 2017

Estimated reading time: 3 minutes

Dridex is a banking malware which uses macros to spread on windows systems. Spam email attachments are utilized to spread this infection. Banking malware are generally key loggers. They trick users into opening the attachment; it then records the keystrokes on user’s computer and uses them for their own benefit....

Cerber Ransomware and Kovter Trojan Team up Together

  • 13
 April 14, 2017

Estimated reading time: 3 minutes

For the last 2 weeks, we have been observing a malware campaign using spam emails that look like they are from United States Postal Service (USPS) or FedEx. These emails are distributing the Cerber Ransomware along with Kovter Trojan – a lethal combination! The spam email contains a malicious script...

Alert! Don’t click links in SMSs received from unknown numbers

  • 42
 July 5, 2016

Estimated reading time: 2 minutes

Almost every one of us receives one promotional SMS every day on our mobile phone. Some of these SMSs could be from known entities like our favorite apparel store, food joint or shoe store. And some SMSs could be from totally unknown ones like astrologers or love gurus and so...

The Curious Case of Upatre

  • 3
 December 9, 2015

Estimated reading time: 6 minutes

What is Upatre? Upatre is a piece of malicious software that downloads and executes other malware. The name ‘Upatre’ comes from User Agent string “UPdATes downloadER” used by the malware. We have been observing Upatre infections since 2013 at the Quick Heal Threat Research lab. The curious thing here is...

Online Banking Users, Beware of the Cridex Worm!

  • 1
 February 18, 2015

Estimated reading time: 2 minutes

There is a computer worm on the loose that steals personal login ID and passwords. This worm is known to target users of online banking and social media sites like Facebook, Twitter, etc. Scroll down to know more about this worm and how you can stay safe against it. The...