Despite the 2016 Olympics coming to a close, cybercriminals remain relentless in using the sporting event as a social engineering hook to distribute a banking Trojan. Earlier this month, we spotted a phishing campaign that led victims to unknowingly download the Banker malware. Although Banker has been in the wild for years, this time we see it using a dynamic-link library (DLL) with malicious exported functions. One of the exported functions checks whether the victim's system is located in Brazil. If the geolocation points to Brazil, another malicious file is downloaded. This new routine suggests that the cybercriminals intend to ride on the popularity of the Olympics to lure users. Apart from Banker, there are reports indicating that other banking Trojans are doing the same thing. For instance, Sphinx ZeuS has enhanced its capabilities because of the Olympics.
In the first quarter of 2016, Singaporeans were targeted by phone calls that pretended to be from various courier services. These automated phone calls would say that the victim had received a package, and asked them to provide sensitive personal information such as their name, address, National Registration Identity Card (NRIC) number, passport number, and bank account details.
While French underground marketplaces are typically located in the “Dark Web”, recently they ventured out onto YouTube to advertise the newest addition to their services: online gambling.
As a Canadian Threat Analyst, one challenge that I and others like me face is that there are very few threat reports that focus on or cover Canada. There are a few, but we generally have to rely on reports from the US (like Trend Micro’s report examining the North American Underground), and then extrapolate these into the Canadian context. After all, US and Canadian threats are the same, right?
Our research into various cybercriminal underground communities has taken us to Japan. The Japanese Underground looks into this growing community, with a particular focus on the items they sell, such as passports, firearms, and child pornography.
Over the years we have tracked cybercrime activity and targeted attacks in Japan. Japan is no stranger to cyber attacks and malware-related incidents—from recent malvertising attacks in early October to EMDIVI malware targeting Japanese companies, and even to banking malware centered in the region in 2014. Despite these incidents and more, our research on the cybercrime underground in Japan shows that the underground economy is still fairly young and small compared with its foreign counterparts.