Cybercrime & Digital Threats

CamuBot (detected by Trend Micro as TrojanSpy.Win32.CAMUBOT.A), is a recently discovered banking Trojan that targets business-class bank users in Brazil using a blend of phishing and malware techniques.

Cybercriminals hack legitimate email accounts to enter the IT premises of an organization and carry out attacks ranging from fraud and spying to information and identity theft. Find out how AI and machine learning can be used to outsmart email hackers.

A hacking campaign was uncovered that has so far affected more than 7,339 websites running on the Magento e-commerce platform. The attacks involve injecting MagentoCore, a malicious payment card data-stealing script, into the affected websites.

We discovered a fileless cryptocurrency mining malware (Fileless-DASKUS) variant back in February that uses PowerShell (PS) to perform its routine.

Trend Micro researchers recently discovered a new spam campaign being distributed with a downloader under the guise of a .WIZ which then drops a backdoor payload. This spam campaign has been noted to target financial institutions.

A campaign targeting Peruvian banks involve the use of phishing emails intended to lure victims via clickable links advertising Bitcoin.

A Nigerian man was convicted after using phishing scams in an attempt to steal over $6 million dollars from employees of several targeted US colleges and universities.

We discovered spam mails abusing EGG (.egg) files to deliver the GandCrab v4.3 ransomware. Additionally, the operators behind the spam mails appear to be specifically going after South Korean users, as evidenced by the use of Hangul in the spam mails.

Security researchers have been trailing the activity of cybercriminals who have waged a hijacking campaign on IoT devices, which aimed to steal the sensitive banking information of Banco de Brasil’s customers.