New SuperBear Trojan Emerges in Targeted Phishing Attack on South Korean Activists
A new phishing attack likely targeting civil society groups in South Korea has led to the discovery of a novel remote access trojan called SuperBear
Coverage of Trojan malware examines reported incidents, technical analysis, infrastructure, disruption efforts, and defensive guidance for reducing cyber risk.
Search across headline titles and summaries.
Background for this topic.
A Trojan is malware that masquerades as legitimate, useful, or necessary software so a user or process runs it. “Trojan” describes a delivery or deception technique rather than one malware family; capabilities vary by sample and may include credential theft, surveillance, file manipulation, or remote access. Unlike self-propagating malware, a Trojan generally depends on being installed or executed through some other means.
Security analysis should identify the specific family and executable behavior rather than treating every Trojan as equivalent. Material concerns include untrusted software and tampered installers, execution under excessive privileges, and unauthorized persistence or access to sensitive data. Defenses include using trusted software sources and code-signature or application-control checks, limiting user privileges, monitoring endpoint process and network activity, and isolating suspected hosts. After detection, preserve relevant evidence, remove persistence, assess credential exposure, and investigate other affected systems before returning the device to normal use.
A new phishing attack likely targeting civil society groups in South Korea has led to the discovery of a novel remote access trojan called SuperBear
Thousands of devices have become infected with "BadBazaar," malware previously used to spy on Uyghur and Turkic ethnic minorities in China.
The stealthy Trojan targets users in Southeast Asia, allowing attackers to remotely control devices to commit bank fraud.
A previously undocumented Android banking trojan dubbed MMRat has been observed targeting mobile users in Southeast Asia since late June 2023 to remotely commandeer the devices and perform financial fraud
The Trend Micro Mobile Application Reputation Service (MARS) team discovered a new, fully undetected Android banking trojan, dubbed MMRat, that has been targeting mobile users in Southeast Asia since late June 2023.