
Block 17 of the most common new banking and crypto trojans and malware #412

Open
8 of 18 tasks
summercms opened this issue Dec 14, 2023 · 4 comments
Labels
Code Update 🔔 Code Update enhancement 👍 New feature or request In-progress In-progress Priority: Medium Priority: Medium

Comments


summercms commented Dec 14, 2023

Enhancement idea

  • Block 17 of the most common new banking and crypto trojans and malware.
  • Anubis
  • BrasDex
  • Cabassous
  • Coper
  • Exobot aka Coper
  • GoatRat
  • Godfather
  • Hook
  • Medusa
  • Mysterybot
  • Nexus
  • PixBankBot
  • Pixpirate
  • Saderat
  • Teabot
  • Vultur
  • Xenomorph

Description

These ten new trojans are listed below:

  1. Nexus: MaaS (malware-as-a-service) with 498 variants offering live screen-sharing, targeting 39 apps in nine countries.
  2. Godfather: MaaS with 1,171 known variants targeting 237 banking apps in 57 countries. It supports remote screen-sharing.
  3. Pixpirate: Trojan with 123 known variants powered by an ATS module. It targets ten bank apps.
  4. Saderat: Trojan with 300 variants targeting eight banking apps in 23 countries.
  5. Hook: MaaS with 14 known variants powered by live screen-sharing. It targets 468 apps in 43 countries and is rented to cybercriminals for $7k/month.
  6. PixBankBot: Trojan with three known variants targeting four banking apps. It comes with an ATS module for on-device fraud.
  7. Xenomorph v3: MaaS operation with six variants capable of ATS operations, targeting 83 bank apps in 14 countries.
  8. Vultur: Trojan with nine variants targeting 122 banking apps in 15 countries.
  9. BrasDex: Trojan that targets eight bank apps in Brazil.
  10. GoatRat: Trojan with 52 known variants empowered by an ATS module, targeting six banking apps.


Of the malware families that existed in 2022 and were updated for 2023, those that maintain notable activity are: Teabot, Exobot, Mysterybot, Medusa, Cabassous, Anubis and Coper.

Links

https://www.zimperium.com/resources/zimperiums-2023-mobile-banking-heists-report-finds-29-malware-families-targeted-1800-banking-apps-across-61-countries-in-the-last-year/

https://threatfox.abuse.ch/browse/malware/apk.anubis/

https://www.threatfabric.com/blogs/double-trouble-in-latam

https://otx.alienvault.com/pulse/639b1f94a3ce39ae072ace99

https://malpedia.caad.fkie.fraunhofer.de/details/apk.brasdex

https://threatfox.abuse.ch/browse/malware/apk.flubot/

https://www.threatfabric.com/blogs/partners-in-crime-medusa-cabassous

https://threatfox.abuse.ch/browse/malware/win.medusa/

https://threatfox.abuse.ch/browse/malware/apk.coper/

https://malpedia.caad.fkie.fraunhofer.de/details/apk.exobot

https://otx.alienvault.com/pulse/647f308d931109e6179b207b

https://threatfox.abuse.ch/browse/malware/apk.godfather/

IOC

I2P websites

n/a

IPFS websites

n/a

Tor2web websites

n/a

TOR websites

n/a

URLs

n/a

Folders

n/a

Sub-Domains

n/a

Domains

n/a

IPs

n/a

Emails

n/a

Wallet addresses

n/a

Mining pool addresses

n/a

@summercms summercms added Code Update 🔔 Code Update In-progress In-progress Priority: Medium Priority: Medium enhancement 👍 New feature or request labels Dec 14, 2023
@summercms summercms changed the title Block 19 of the most common new banking trojans Block 17 of the most common new banking and crypto trojans and malware Dec 15, 2023
