New Variant of Banking Trojan BBTok Targets Over 40 Latin American Banks
An active malware campaign targeting Latin America is dispensing a new variant of a banking trojan called BBTok, particularly users in Brazil and Mexico
Coverage of Trojan malware examines reported incidents, technical analysis, infrastructure, disruption efforts, and defensive guidance for reducing cyber risk.
Search across headline titles and summaries.
Background for this topic.
A Trojan is malware that masquerades as legitimate, useful, or necessary software so a user or process runs it. “Trojan” describes a delivery or deception technique rather than one malware family; capabilities vary by sample and may include credential theft, surveillance, file manipulation, or remote access. Unlike self-propagating malware, a Trojan generally depends on being installed or executed through some other means.
Security analysis should identify the specific family and executable behavior rather than treating every Trojan as equivalent. Material concerns include untrusted software and tampered installers, execution under excessive privileges, and unauthorized persistence or access to sensitive data. Defenses include using trusted software sources and code-signature or application-control checks, limiting user privileges, monitoring endpoint process and network activity, and isolating suspected hosts. After detection, preserve relevant evidence, remove persistence, assess credential exposure, and investigate other affected systems before returning the device to normal use.
An active malware campaign targeting Latin America is dispensing a new variant of a banking trojan called BBTok, particularly users in Brazil and Mexico
Attackers use convincing fake website interfaces and sophisticated geo-fencing to target users exclusively in Mexico and Brazil with a new variant of the malware.
Chinese-language speakers have been increasingly targeted as part of multiple email phishing campaigns that aim to distribute various malware families such as Sainbox RAT, Purple Fox, and a new trojan called ValleyRAT
XWorm is a relatively new representative of the remote access trojan cohort that has already earned its spot among the most persistent threats across the globe. Since 2022, when it was first observed by researchers, it has undergone a number of major updates that have significantly enhanced its functionality and solidified its staying power. The analyst team at ANY.RUN came across the newest
The suspected Pakistan-linked threat actor known as Transparent Tribe is using malicious Android apps mimicking YouTube to distribute the CapraRAT mobile remote access trojan (RAT), demonstrating the continued evolution of the activity
The APT36 hacking group, aka 'Transparent Tribe,' has been observed using at least three Android apps that mimic YouTube to infect devices with their signature remote access trojan (RAT), 'CapraRAT.' [...]
A new analysis of the Android banking trojan known as Hook has revealed that it's based on its predecessor called ERMAC