Cybercrime, the “Hesap hareketleriniz” email carries Remcos
A new zipped attachment contains an exe: the malware, while the text and C2s do not change from previous campaign waves.
Cybercrime, the Remcos bank-themed campaign changes template
The email, referring to an account statement of Garanti BBVA, now also contains an IBAN. The attachment is a compressed file in z format with an exe inside: the malware.
Cybercrime, new wave of the AgentTesla campaign on Isbank
The message template is identical to the previous one, except for the dates and the name of the attachment: 25_153325_221122_113030.7z. Inside is an exe, the malware, which exfiltrates stolen data via SMTP.
Cybercrime, AgentTesla now passes by banks in Turkey
The email attachment “12790429914_20221122_05373027_HesapOzeti.7z” contains an exe file: the malware. Stolen data is exfiltrated via SMTP.
Cybercrime, Greece victim of a phishing campaign with keylogger
Bleeping Computer cybersecurity experts: The decoy is an alleged tax refund. Through fake sites, the data entered by the user is stolen in real time.
Cybercrime, BRATA is evolving into an APT
Cleafy cybersecurity experts: Threat actors behind the malware now target a specific financial institution at a time, and change their focus only once the victim starts to implement countermeasures.
Cybercrime, Bizarro targets customers of 70 banks in Europe and South America
Kaspersky cybersecurity experts: The malware attacks Germany, Spain, Portugal, France, Italy, Chile, Argentina and Brazil.
Cybercrime, Formbook campaign via false bank receipt
The email .gz attachment contains an exe file, the malware itself. This, if opened, activates the infection.
Cybercrime, North Korea is targeting banks in over 30 countries
US cyber security experts: BeagleBoyz gang is targeting organizations with Op. “FASTCash 2.0”, in an ongoing cyber-enabled bank robbery scheme, attempting to steal $2 Billions.
Cybercrime, Silence has targeted major banks in the sub-Saharan Africa
Kaspersky cyber security experts: The APT is about to begin the final stage of it’s operation and cash out the funds. Many elements confirm that is the work of the russian-speaking hackers.