Android Banking Trojan misuses accessibility services

Accessibility services can be used not only by disabled users but by malware as well. An infiltration that misuses accessibility services can read text from the displayed activity, set itself as the default messaging app and click on behalf of the user. I decided to put together a quick (non) technical blog post with insights from SfyLabs. This particular infiltration


Petya Ransomware picture collection from infected countries around the world

On June 27, 2017, Petya ransomware infected computers in more than 65 countries around the world, such as Belgium, Brazil, Germany, Denmark, Netherlands, France, Italy, Russia and the United States. Based on a Microsoft report, Petya infected more than 12,500 machines in Ukraine alone. This breach comes just a few weeks after the WannaCry ransomware that infected computers in


WannaCry Ransomware picture collection from infected countries around the world

The biggest cyberattack in history infected more than 200,000 computers in 150 countries and paralyzed computers and networks around the world, including the ones that run Britain’s hospital network, Germany’s national railway, the Ministry of Internal Affairs in Russia, telecommunications giant Telefonica, Nissan, Renault, FedEx and many other companies and government agencies worldwide. Without any introduction, because


Tracking Android BankBot

Free stuff is great, isn’t it? Sure, but not always, especially when it comes to security and leaked source code. Leaked or intentionally published malware source code can bring new variants of infiltrations. This was proven by the leaked code of Zeus, NukeBot, GMBot, Mirai and BankBot. Every hacker wannabe can slightly change the code


Old Banking Trojan uses new hiding technique

Android/Gugi or Android/Spy.Banker is old news, categorized as Android banking malware since December 2015. Gugi is capable of stealing a user’s mobile banking credentials as well as credit card details. Gugi now uses a new method of hiding itself to evade detection by AV software, using the VirtualApp open platform. “VirtualApp allows you to create a Virtual


File-encrypting Android ransomware strikes as adult applications

The ransomware can encrypt the user's data and lock the device after receiving a command from the C&C server, then request a ransom in exchange for decrypting and releasing the locked device. File-encoding ransomware is a very popular type of infiltration among malware creators. They can easily gain a large amount of money. Mainly for


Porn clicking Trojan on Google Play can consume more than 3 GB in one day

Not long after one of the largest malicious campaigns on Google Play was revealed, Trojan porn clickers were once again available to install from the Play Store. The porn clicker once again infected thousands of Google Play users around the world. In two weeks another 39 infected applications were found, with thousands of installs. The


Android MazarBot stealing credit card information in Italy with certificate issued by Putin

It looks like the MazarBot is a very persistent botnet focusing on selected countries. The last time it was Denmark; now it is reaching into the pockets of Italian people. The MazarBot is trying to lure out detailed credit card information on behalf of the WhatsApp application and send it to the remote server. The MazarBot


Recent MazarBot targeting the MobilePay can lock and erase your device

Based on data by Danske Bank in 2015, MobilePay was the 3rd most frequently used application in Denmark after Facebook and Facebook Messenger, with more than 2.7 million people using it regularly. Not long after the MazarBot was discovered by Heimdal Security, a new version is targeting Danish people again. Peter Kruse from
