Security Alerts & News
by Tymoteusz A. Góral

#2024 Read The Manual - a guide to the RTM banking trojan (PDF)
There are several groups actively and profitably targeting businesses in Russia. A trend that we have seen unfold before our eyes lately is these cybercriminals’ use of simple backdoors to gain a foothold in their targets’ networks. Once they have this access, a lot of the work is done manually, slowly getting to understand the network layout and deploying custom tools the criminals can use to steal funds from these entities. Some of the groups that best exemplify these trends are Buhtrap, Cobalt and Corkow.

The group discussed in this white paper is part of this new trend. We call this new group RTM; it uses custom malware, written in Delphi, that we cover in detail in later sections. The first trace of this tool in our telemetry data dates back to late 2015. The group also makes use of several different modules that they deploy where appropriate to their targets. They are interested in users of remote banking systems (RBS), mainly in Russia and neighboring countries.

In this paper, we cover the details of their tools, whom they target, and offer a rare glimpse into the type of operation they are carrying out.
#2027 Criminals monetizing attacks against unpatched WordPress sites
#2026 Android ransomware requires victim to speak unlock code
#2025 Cybercrime and other threats faced by the healthcare industry (PDF)
#2024 Read The Manual - a guide to the RTM banking trojan (PDF)
#2023 Malware lets a drone steal data by watching a computer’s blinking LED
#2022 Bitcoin trader hit by "severe DDoS attack" as bitcoin price nears all-time high
#2021 Blizzard ends support for Windows XP and Vista
#2020 Rogue Chrome extension pushes tech support scam
#2019 New crypto-ransomware hits macOS