trojan


BankBot is a family of Trojan malware targeting Android devices that surfaced in the second half of 2016. The main goal of this malware is to steal banking credentials from the victim’s device. It usually impersonates flash player updaters, android system tools, or other legitimate applications. Once installed, it hides itself and then tricks the user into typing his or her credentials into fake bank web pages that have been injected onto the device’s screen. [Read More]
by RSS Dario Durando  |  Sep 19, 2017  |  Filed in: Security Research
      KONNI is a remote access Trojan (RAT) that was first reported in May of 2017, but is believed to have been in use for over 3 years. As Part of our daily threat monitoring, FortiGuard Labs came across a new variant of the KONNI RAT and decided to take a deeper look. KONNI is known to be distributed via campaigns that are believed to be targeting North Korea. This new variant isn’t different from previous variants, as it is dropped by a DOC file containing text that was drawn from a CNN article entitled 12 things... [Read More]
by RSS Jasper Manuel  |  Aug 15, 2017  |  Filed in: Security Research
Background Last week, FortiGuard Labs captured a JS file that functions as a malware downloader to spread a new variant of the Emotet Trojan. Its original file name is Invoice__779__Apr___25___2017___lang___gb___GB779.js.  A JS file, as you may be aware, is a JavaScript file that can be executed by a Window Script Host (wscript.exe) simply by double-clicking on it. In this blog we will analyze how this new malware works by walking through it step by step in chronological order. A JS file used to spread malware The original JS code... [Read More]
by RSS Xiaopeng Zhang  |  May 03, 2017  |  Filed in: Security Research
As part of Fortinet’s continued efforts to protect its customers, we carry out a variety of tests to improve the detection of malicious content, whether it’s file or network related. While checking out some HTTPS phishing websites last month, one URL stood out. It wasn’t a phishing site, but it downloaded a file called BR52357896253ex.zip (which is detected as “Java/Banload.BD!tr” by Fortinet AntiVirus service) from a file sharing website. The compressed file also contained a Jar that downloaded additional files,... [Read More]
by RSS Lilia Elena Gonzalez Medina  |  Oct 14, 2016  |  Filed in: Security Research
August ended with the spike in malware activity we predicted last week to welcome everyone back to school and work. Here is a summary of this week’s FortiGuard Threat Intelligence Brief. 1. Ransomware explodes. Ransomware took off this week, filling nine of our weekly top-ten malware detection list slots. Not only that, but while last week our top five detections list amounted to about 2.5 million attempted ransomware infections, this week the top five totaled over 15.5 million ransomware attempts. That more than a 6X increase in a single... [Read More]
by RSS Bill McGee  |  Sep 02, 2016  |  Filed in: Industry Trends
Remote Administration Tools (RAT) have been around for a long time. They provide users and administrators with the convenience of being able to take full control of their systems without needing to be physically in front of a device. In this age of global operations, that’s a huge deal. From troubleshooting machines across countries to observing employees across rooms, RAT solutions have become widely used tools for remote maintenance and monitoring. Unfortunately, malware authors often utilize these same capabilities to compromise systems.... [Read More]
by RSS Floser Bacurio Jr. and Joie Salvio  |  Aug 29, 2016  |  Filed in: Security Research
At FortiGuard, we wouldn't let you down without an analysis of Pokémon Go. Is it safe to install? Can you go and hunt for Pokémon, or stay by a pokestop longing for pokeballs? While this article won't assist you in game strategy, I'll give you my first impressions analyzing the game. Versions There are two sorts of Pokémon applications: 1. The official versions, issued by Niantic. We will talk more about these later, but in brief, they are not malicious. 2. The hacked versions. These are... [Read More]
by RSS Axelle Apvrille  |  Aug 11, 2016  |  Filed in: Security Research
While inspecting the Pokémon Go application, I incidentally found information on ... Pokémon Go Plus. Basically, this is the Pokémon IoT: a connected wristband with a button (to throw a pokéball, for instance), a RGB LED, and vibration capability (e.g to notify of nearby Pokémon). The device is not yet released, and the software is still under development: as you can see below, versions 0.29.x corresponds to "BETA4". Implementation in version... [Read More]
by RSS Axelle Apvrille  |  Aug 11, 2016  |  Filed in: Security Research
Because of the recent outbreak of the Locky ransomware, Dridex has become synonymous with the distribution of ransomware more generally. However, Dridex is still taking good care of its notorious original business– banking Trojans. While preparing the materials for my upcoming HITBAMS2016 talk on Kernel Exploit hunting and mitigation, I came across this new variant of Dridex (SHA1: 455817A04F9D0A7094038D006518C85BE3892C99), which is rather interesting. The Master of Antivirus Killers Based on some simple string checks, we assumed... [Read More]
by RSS Wayne Chin Yick Low  |  Mar 23, 2016  |  Filed in: Security Research
Overview Over the last few months, the Shifu banking Trojan has become more common in the wild prevalent and the malware family has been getting a fair amount of attention both from researchers and the mainstream media. there have been a number of discussions surrounding the malware family. We also became aware that this malware attempts to bypass our sandbox technology, FortiSandbox. In this post, we will share some of our findings on this new banking Trojan and also talk about how our technologies can support and address Shifu. Prevalence While... [Read More]
by RSS Floser Bacurio  |  Nov 03, 2015  |  Filed in: Industry Trends