Shining a light on “Silent Night” Zloader/Zbot

The latest Malwarebytes Threat Intel report focuses on Silent Night, a new banking Trojan recently tracked as Zloader/Zbot.

The post Shining a light on “Silent Night” Zloader/Zbot appeared first on Malwarebytes Labs.

New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app

The Lazarus group improves their toolset with a new RAT specifically designed for the Mac.

Credit card skimmer masquerades as favicon

Criminals register fake domain to hide their web skimmer as an innocuous image file.

APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT

We look at a spear phishing attack from APT36, an Advanced Persistent Threat group posing as the government of India and offering guidance on coronavirus. Instead, users are infected with a Crimson RAT that steals data.

Rocket Loader skimmer impersonates CloudFlare library in clever scheme

URLs can be deceiving, but the one used to mimic CloudFlare’s Rocket Loader in the latest Magecart attack takes it to a whole new level.

Domen toolkit gets back to work with new malvertising campaign

We describe the latest malvertising campaign that uses Domen, an advanced social engineering toolkit.

Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server

Criminals set up fraudulent infrastructure that looks like a typical content delivery network—except it isn’t. Behind it hides a credit card skimmer injected into Magento online stores.

WOOF locker: Unmasking the browser locker behind a stealthy tech support scam operation

We reveal the inner workings of WOOF locker, the most sophisticated browser locker campaign we’ve seen to date. Learn how this tech support scam evades researchers and ensnares users by hiding in plain sight.

New evasion techniques found in web skimmers

As Magecart credit card skimmers become exposed by security researchers, their authors are refining evasion techniques to go undetected.

Hundreds of counterfeit online shoe stores injected with credit card skimmer

A Magecart credit card skimmer was found injected into hundreds of counterfeit, brand-name shoe stores—a one-two punch of victimization for users first duped with fake goods then stripped of their personal data.
