#bankingtrojan — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #bankingtrojan, aggregated by home.social.
-
TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlook — Elastic Security Labs
Pulse ID: 6a01c05dfa507c2e736c894e
Pulse Link: https://otx.alienvault.com/pulse/6a01c05dfa507c2e736c894e
Pulse Author: CyberHunter_NL
Created: 2026-05-11 11:41:17
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Bank #BankingTrojan #Brazil #CyberSecurity #ElasticSecurityLabs #InfoSec #OTX #OpenThreatExchange #Outlook #Trojan #WhatsApp #bot #CyberHunter_NL
-
New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps
A new variant of the TrickMo Android banking trojan was identified between January and February 2026, representing a substantial platform redesign rather than new capabilities. The malware has migrated its command-and-control infrastructure entirely onto The Open Network (TON) using .adnl endpoints, moving away from conventional internet infrastructure. Active campaigns have targeted banking and wallet users in France, Italy, and Austria. Once accessibility permissions are granted, operators gain real-time device control including credential phishing, keylogging, screen recording, SMS interception, and bidirectional remote control. New features include network reconnaissance capabilities and SSH tunnelling that transform infected devices into programmable network pivots and SOCKS5 proxy exit nodes, enabling operators to bypass IP-based fraud detection systems while accessing victim networks.
Pulse ID: 6a019c5f0a3344d92c4302a3
Pulse Link: https://otx.alienvault.com/pulse/6a019c5f0a3344d92c4302a3
Pulse Author: AlienVault
Created: 2026-05-11 09:07:43
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Android #Bank #BankingTrojan #CyberSecurity #Endpoint #France #InfoSec #Italy #Malware #OTX #OpenThreatExchange #Phishing #Proxy #RAT #RCE #SMS #SSH #Trojan #bot #socks5 #AlienVault
-
TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlook
Pulse ID: 6a016000ee4c7bcaf4f232e3
Pulse Link: https://otx.alienvault.com/pulse/6a016000ee4c7bcaf4f232e3
Pulse Author: Tr1sa111
Created: 2026-05-11 04:50:08
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Bank #BankingTrojan #Brazil #CyberSecurity #InfoSec #OTX #OpenThreatExchange #Outlook #Trojan #WhatsApp #bot #Tr1sa111
-
TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlook
A sophisticated Brazilian banking trojan named TCLBANKER has been identified, representing a significant evolution of the MAVERICK/SORVEPOTEL malware family. The campaign employs a trojanized Logitech installer that deploys two .NET Reactor-protected modules through DLL side-loading. The banking trojan monitors 59 Brazilian financial institutions using UI Automation and features a WPF-based full-screen overlay framework for operator-driven social engineering attacks, including credential harvesting and fake system screens. A secondary worm module enables self-propagation through WhatsApp session hijacking and Outlook COM automation, sending phishing messages from victims' own accounts. The malware implements robust anti-analysis capabilities including environment-gated payload decryption, comprehensive watchdog systems, and ETW patching. Infrastructure is hosted on Cloudflare Workers, with evidence suggesting the campaign was detected in early operational stages.
Pulse ID: 69fb97e531a95b262c4925aa
Pulse Link: https://otx.alienvault.com/pulse/69fb97e531a95b262c4925aa
Pulse Author: AlienVault
Created: 2026-05-06 19:35:01
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Bank #BankingTrojan #Brazil #Cloud #CredentialHarvesting #CyberSecurity #ELF #InfoSec #Malware #NET #OTX #OpenThreatExchange #Outlook #Phishing #RAT #SocialEngineering #Trojan #WatchDog #WhatsApp #Worm #bot #AlienVault
-
JanelaRAT an Advanced Banking Trojan Targeting Financial Users
JanelaRAT is an evolving Remote Access Trojan targeting financial users in Latin America using multi-stage infection chains, phishing and DLL sideloading to steal banking and cryptocurrency data while employing evasion, persistence and interactive techniques to bypass security controls.
Pulse ID: 69e48460c771926e0e7231bc
Pulse Link: https://otx.alienvault.com/pulse/69e48460c771926e0e7231bc
Pulse Author: cryptocti
Created: 2026-04-19 07:29:36
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Bank #BankingTrojan #CyberSecurity #InfoSec #LatinAmerica #OTX #OpenThreatExchange #Phishing #RAT #RemoteAccessTrojan #SideLoading #Trojan #bot #cryptocurrency #cryptocti
-
New Albiriox Android Malware Developed by Russian Cybercriminals https://www.securityweek.com/new-albiriox-android-malware-developed-by-russian-cybercriminals/ #Malware&Threats #Androidmalware #Androidtrojan #bankingtrojan #Albiriox
-
New Sturnus Banking Trojan Targets WhatsApp, Telegram, Signal Messages https://www.securityweek.com/new-sturnus-banking-trojan-targets-whatsapp-telegram-signal-messages/ #Malware&Threats #Androidtrojan #bankingtrojan #mobilemalware #malware #Sturnus
-
🚨 Alert: The new #EternidadeStealer is using WhatsApp to spread malicious files to steal banking and crypto data from users. Watch out and don’t open unexpected attachments, plus verify messages from contacts.
Read: https://hackread.com/eternidade-stealer-whatsapp-steal-banking-data/
-
77 malicious apps removed from Google Play Store https://www.malwarebytes.com/blog/news/2025/08/77-malicious-apps-removed-from-google-play-store #bankingTrojan #playstore #Android #Anatsa #News
-
Anatsa Android Banking Trojan Now Targeting 830 Financial Apps https://www.securityweek.com/anatsa-android-banking-trojan-now-targeting-830-financial-institutions/ #Malware&Threats #Androidmalware #Androidtrojan #bankingtrojan #malware #Anatsa
-
Coyote Banking Trojan First to Abuse Microsoft UIA https://www.securityweek.com/coyote-banking-trojan-first-to-abuse-microsoft-uia/ #Malware&Threats #bankingtrojan #MicrosoftUIA #malware #stealer #Coyote
-
Godfather Android Trojan Creates Sandbox on Infected Devices – Source: www.securityweek.com https://ciso2ciso.com/godfather-android-trojan-creates-sandbox-on-infected-devices-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #Malware&Threats #securityweekcom #Androidmalware #Androidtrojan #bankingtrojan #securityweek #GodFather #Malware
-
Godfather Android Trojan Creates Sandbox on Infected Devices https://www.securityweek.com/godfather-android-trojan-creates-sandbox-on-infected-devices/ #Malware&Threats #Androidmalware #Androidtrojan #bankingtrojan #Godfather #malware
-
‘Crocodilus’ Android Banking Trojan Allows Device Takeover, Data Theft – Source: www.securityweek.com https://ciso2ciso.com/crocodilus-android-banking-trojan-allows-device-takeover-data-theft-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #Malware&Threats #securityweekcom #Androidmalware #bankingtrojan #securityweek #Crocodilus #Malware
-
‘Crocodilus’ Android Banking Trojan Allows Device Takeover, Data Theft https://www.securityweek.com/crocodilus-android-banking-trojan-allows-device-takeover-data-theft/ #Malware&Threats #Androidmalware #bankingtrojan #Crocodilus #malware
-
Fresh Grandoreiro Banking Trojan Campaigns Target Latin America, Europe – Source: www.securityweek.com https://ciso2ciso.com/fresh-grandoreiro-banking-trojan-campaigns-target-latin-america-europe-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #Malware&Threats #securityweekcom #bankingtrojan #securityweek #Grandoreiro #Malware #Trojan
-
Fresh Grandoreiro Banking Trojan Campaigns Target Latin America, Europe https://www.securityweek.com/fresh-grandoreiro-banking-trojan-campaigns-target-latin-america-europe/ #Malware&Threats #bankingtrojan #Grandoreiro #malware #trojan
-
Ursnif Trojan Campaign Targets U.S. Professionals via Stealthy Spam Attacks https://thecyberexpress.com/ursnif-banking-trojan/ #TheCyberExpressNews #UrsnifBankingTrojan #TheCyberExpress #FirewallDaily #bankingtrojan #Ursniftrojan #DarkWebNews #CyberNews
-
Hidden in Plain Sight: ErrorFather’s Deadly Deployment of Cerberus – Source:cyble.com https://ciso2ciso.com/hidden-in-plain-sight-errorfathers-deadly-deployment-of-cerberus-sourcecyble-com/ #BankingTrojan #ErrorFather #CybleBlog #'Cyber
-
Hidden in Plain Sight: ErrorFather’s Deadly Deployment of Cerberus https://cyble.com/blog/hidden-in-plain-sight-errorfathers-deadly-deployment-of-cerberus/ #BankingTrojan #ErrorFather
-
Cyble Honeypot Sensors Detect WordPress Plugin Attack, New Banking Trojan https://cyble.com/blog/cyble-honeypot-sensors-detect-wordpress-plugin-attack-new-banking-trojan/ #BankingTrojan #Vulnerability #WordPress #Honeypot
-
Coyote Banking Trojan Attacking Windows Users To Steal Login Details https://gbhackers.com/coyote-banking-trojan-windows-attack/ #BankingTrojan #cybersecurity #LatinAmerica #CyberAttack #Phishing #Malware
-
Mekotio Banking Trojan Attacking American Users To Steal Financial Data https://gbhackers.com/mekotio-banking-trojan-american-attacks/ #CyberSecurityNews #cybersecurity #EmailSecurity #BankingTrojan #Phishing #phishing #Malware #Mekotio
-
Researchers Observe Surge in Use of Mekotio Banking Trojan Against Latin American Financial Systems https://thecyberexpress.com/surge-mekotio-banking-trojan-latin-america/ #TheCyberExpressNews #TheCyberExpress #FirewallDaily #bankingtrojan #LatinAmerican #LatinAmerica #Cyberattack #Mekotio
-
Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide
https://thehackernews.com/2024/05/grandoreiro-banking-trojan-resurfaces.html #Cybercrime #Malware #Trojan #BankingTrojan #Grandoreiro
-
Researchers Discover New Android Banking Trojan ‘Brokewell’ Disguised as Chrome Update https://thecyberexpress.com/android-banking-trojan-targeting-germans/ #Androidbankingtrojan #TheCyberExpressNews #CybersecurityNews #CRILresearchers #TheCyberExpress #FirewallDaily #bankingtrojan #Brokewell #Cybleblog #Germany
-
Morphisec reports the expansion of URSA (Mispadu) banking trojan beyond Latin American countries and Spanish-speaking individuals. They describe the infection chain: delivery and multi-stage VB Scripts, and injector DLL. They also describe the payload features. IOC provided. 🔗 https://blog.morphisec.com/mispadu-infiltration-beyond-latam
#URSA #Mispadu #bankingtrojan #trojan #threatintel #cybercrime #IOC
-
LATAM Malware Variants - 2023 Technical Updates
In 2023, several well-known Latin America banking trojans and information stealers like Mispadu, Kiron, Caiman, Culebra, Salve and Astaroth were updated with new components and obfuscation methods focused on improving defense evasion capabilities. The updates included new droppers, CAPTCHA implementations, payload encryption schemes and dead drop techniques.
Pulse ID: 65dc68a137d255fac0150a01
Pulse Link: https://otx.alienvault.com/pulse/65dc68a137d255fac0150a01
Pulse Author: AlienVault
Created: 2024-02-26 10:32:01
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#OTX #OpenThreatExchange #InfoSec #bot #CyberSecurity #Malware #Bank #Trojan #Encryption #BankingTrojan #LatinAmerica #Mispadu #AlienVault
-
#ActuLibre TrickBot Now Exploits Infected PCs to Launch RDP Brute Force Attacks -> http://feedproxy.google.com/~r/TheHackersNews/~3/1qXOqDBT0VU/trickbot-malware-rdp-bruteforce.html #TrickBotBankingMalware #RDPVulnerability #ComputerMalware #bankingTrojan #Malwareattack #Bruteforce #RDPexploit