Malware May 19, 2022

ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups

24 min read - IBM Security X-Force researchers have continually analyzed the use of several crypters developed by the cybercriminal group ITG23, also known as Wizard Spider, DEV-0193, or simply the “Trickbot Group”. The results of this research, along with evidence gained from the…

Endpoint February 2, 2022

TrickBot Gang Uses Template-Based Metaprogramming in Bazar Malware

6 min read - Malware authors use various techniques to obfuscate their code and protect against reverse engineering. Techniques such as control flow obfuscation using Obfuscator-LLVM and encryption are often observed in malware samples. This post describes a specific technique that involves what is…

Advanced Threats January 31, 2022

Top-Ranking Banking Trojan Ramnit Out to Steal Payment Card Data

4 min read - Shopping online is an increasingly popular endeavor, and it has accelerated since the COVID-19 pandemic. Online sales during the 2021 holiday season rose nearly 9% to a record $204.5 billion. Mastercard says that shopping jumped 8.5% this year compared to…

News October 27, 2021

Triada Trojan Conceals Itself in WhatsApp Mod

2 min read - A variant of the Triada Trojan concealed itself within a WhatsApp mod for Android devices, Kaspersky found in August. What Is Triada? Threat actors hid Triada within the WhatsApp mod FMWhatsapp 16.80.0. The security firm also found the Trojan modification,…

Advanced Threats October 13, 2021

Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds

11 min read - IBM X-Force has been tracking the activity of ITG23, a prominent cybercrime gang also known as the TrickBot Gang and Wizard Spider. Researchers are seeing an aggressive expansion of the gang’s malware distribution channels, infecting enterprise users with Trickbot and…

Banking & Finance September 23, 2021

New ZE Loader Targets Online Banking Users

11 min read - IBM Trusteer closely follows developments in the financial cyber crime arena. Recently, we discovered a new remote overlay malware that is more persistent and more sophisticated than most current-day codes. In this post we will dive into the technical details…

News April 21, 2021

Google Blocks Remote Access Trojan Targeting Android

2 min read - Clast82, a malware dropper that helps attackers spread the AlienBot mobile remote access Trojan and malware-as-a-service, has been detected on Google’s Play Store. After Clast82 sought to evade Google’s detection, it was patched in February. Read on to find how enterprise can…

Data Protection January 26, 2021

TrickBot’s Survival Instinct Prevails — What’s Different About the TrickBoot Version?

9 min read - October 2020 saw the TrickBot Trojan, a prominent cybercrime gang’s tool of choice, suffer a takedown attempt by security vendors and law enforcement. Unfortunately, the takedown was not effective, and beyond coming back to life shortly after, TrickBot’s operators released…

June 1, 2020

Trickbot Replaces ‘Mworm’ Propagation Method With New ‘Nworm’ Module

2 min read - Security researchers discovered that the Trickbot Trojan has replaced its "mworm" propagation method with a new "nworm" module.

May 26, 2020

New Android Malware Channels Malicious Activity Through Accessibility Services

2 min read - Security researchers uncovered a new Android malware strain called "DEFENSOR ID" that channels its malicious activity through a device's Accessibility Services.