Home > Knowledge Centre > banking Trojan
Banking Trojans

Beware – Banking Trojans Using Enhanced Techniques to Spread Malware.

  • Akshay Singla / 4 years
  • 0
  • 4 min read

In our Open-Source Threat Hunting, Quick Heal Security Researchers encountered a banking Trojan named Aberebot capable of stealing sensitive information from infected devices, including financial and personal data. Malware authors used advanced anti-reverse engineering and obfuscation techniques to avoid detection. From our investigation, the fake malicious application requires some risky permissions, as shown in Fig […]

Android malware that combines a Banking Trojan, Keylogger, and Ransomware in one package

  • Gajanan Khond / 7 years
  • 0
  • 10 min read

This malware has all basic functionalities of the Android banker along with additional features like call forwarding, sound recording, keylogging and ransomware activities. It has the ability to launch user’s browser with URL received from the C&C server. It repeatedly opens the accessibility setting page until the user switches ON the ‘AccessibilityService’. The AccessibilityService allowing the Trojan to […]

IcedID – a new sophisticated banking Trojan: a technical analysis by Quick Heal Security Labs

  • Subhrojyoti Chowdhury / 8 years
  • 1
  • 4 min read

IcedID is a new player in the banking Trojan family. It has a modular architecture and capable of stealing banking credentials of the user by performing a man-in-the-middle attack (MITM). IcedID sets up a local proxy and redirects all Internet traffic through it. Additionally, it can download and execute components required for stealth. Infection vector […]

Just hovering your computer mouse over a hyperlink can get your computer infected

  • Quick Heal Security Labs / 9 years
  • 3
  • 3 min read

In a new kind of attack, cybercriminals are infecting computers with a banking Trojan simply by fooling users into hovering over a link embedded in a malicious PowerPoint file. Attackers are sending malicious PowerPoint Show (PPS) or Open XML Slide Show (PPSX) to users via spam emails. These files only open in slideshow modes and […]

Beware! The TrickBot Trojan is back

  • Quick Heal Security Labs / 9 years
  • 0
  • 3 min read

TrickBot Trojan was first identified in mid-2016 and considered similar to the Dyreza banking Trojan. Initially, the payload (the component of a computer virus that executes a malicious activity) was spreading through a malvertising campaign using the Rig Exploit Kit. From our current findings, we have found that TrickBot has changed its propagation technique and […]

Banking malware, Dridex bounces back through PDF

  • Ankita Ashesh / 9 years
  • 0
  • 3 min read

Dridex is a banking malware which uses macros to spread on windows systems. Spam email attachments are utilized to spread this infection. Banking malware are generally key loggers. They trick users into opening the attachment; it then records the keystrokes on user’s computer and uses them for their own benefit. Recently spotted Dridex engagement contained […]

Cerber Ransomware and Kovter Trojan Team up Together

  • Quick Heal Security Labs / 9 years
  • 0
  • 3 min read

For the last 2 weeks, we have been observing a malware campaign using spam emails that look like they are from United States Postal Service (USPS) or FedEx. These emails are distributing the Cerber Ransomware along with Kovter Trojan – a lethal combination! The spam email contains a malicious script file linked to compromised websites […]

The Curious Case of Upatre

  • Sakshat Karkare / 10 years
  • 1
  • 6 min read

What is Upatre? Upatre is a piece of malicious software that downloads and executes other malware. The name ‘Upatre’ comes from User Agent string “UPdATes downloadER” used by the malware. We have been observing Upatre infections since 2013 at the Quick Heal Threat Research lab. The curious thing here is that, attackers running Upatre campaign […]