Ad revenue business: Developer pays you in cryptocurrency to watch ads

A couple days ago I was approached by @MalwareHunterBR with a scam Android app they found on Google Play. They sent me a link to an app called Free Ethereum Spinner which they suspected would most likely be a scam. I thought, yes, it’s another free giveaway cryptocurrency scam. However, this app had over 100,000


Phishing attack at Raiffeisen Bank by MazarBot

Yesterday I discovered a phishing campaign targeting clients of Raiffeisen Bank by the popular and still active Android banking Trojan – MazarBot. This infiltration targets German-speaking users and makes them download a fake Raiffeisen Security App. The last time I wrote about MazarBot was a year and a half ago; however, it is still spreading using different


Android Banking Trojan misuses accessibility services

Accessibility services can be used not only by disabled users but by malware as well. An infiltration that misuses accessibility services can read text from the displayed activity, set itself as the default messaging app and click on behalf of the user. I decided to put together a quick (non) technical blog post with insights from SfyLabs. This particular infiltration


Petya Ransomware picture collection from infected countries around the world

On June 27, 2017, Petya ransomware infected computers in more than 65 countries around the world, such as Belgium, Brazil, Germany, Denmark, the Netherlands, France, Italy, Russia or the United States. Based on a Microsoft report, Petya infected more than 12,500 machines in Ukraine alone. This breach comes just a few weeks after WannaCry ransomware that infected computers in


WannaCry Ransomware picture collection from infected countries around the world

The biggest cyberattack in history infected more than 200,000 computers in 150 countries and paralyzed computers and networks around the world, including the ones that run Britain’s hospital network, Germany’s national railway, the Ministry of Internal Affairs in Russia, telecommunications giant Telefonica, Nissan, Renault, FedEx and many other companies and government agencies worldwide. Without any introduction, because


Tracking Android BankBot

Free stuff is great, isn’t it? Sure, but not always, especially when it comes to security and leaked source code. Leaked or intentionally published source code of malware can bring new variants of infiltrations. This was proved by the leaked code of Zeus, NukeBot, GMBot, Mirai or BankBot. Every hacker wannabe can slightly change the code


Old Banking Trojan uses new hiding technique

Android/Gugi or Android/Spy.Banker is old news, categorized as Android banking malware since December 2015. Gugi is capable of stealing a user’s mobile banking credentials as well as credit card details. Gugi now uses a new method of hiding itself to evade detection by AV software, using the VirtualApp open platform. “VirtualApp allows you to create a Virtual


File-encrypting Android ransomware strikes as adult applications

The ransomware can encrypt the user data and lock the device after receiving a command from the C&C server, then request a ransom in exchange for decrypting and releasing the locked device. File-encoding ransomware is a very popular type of infiltration for malware creators. They can easily gain a large amount of money. Mainly for


Porn clicking Trojan on Google Play can consume more than 3 GB in one day

Not long after one of the largest malicious campaigns on Google Play was revealed, Trojan porn clickers were once again available to install from the Play Store. The porn clicker again infected thousands of Google Play users around the world. In two weeks another 39 infected applications were found with thousands of installs. The
