7 Tips How to Recognize Phishing E-mail Pretending to be from Your Bank


Recently our internet probes detected several massive phishing campaigns aimed at banks, mostly located in Europe. All of them fit the same patterns, and an educated user could easily spot them. Since phishing campaigns can lead to identity theft, financial loss, and data compromise, let's look at these 7 tips that help you spot these phishing e-mails. But first …

Let's talk numbers

Phishing attacks, or phishing scams, are without a doubt one of the biggest security challenges today, and not only for banking institutions. Phishing attempts grew 65% in the last year (according to PhishMe's Enterprise Phishing Resiliency and Defense Report), and this year the number will probably be even higher. Why? For fraudsters, the creation of a ph ...


BackSwap Banking Malware Analysis


1. Management summary

BackSwap is financial malware whose activity was first discovered in 2018. Throughout the year, several campaigns have emerged in Poland, Spain, the Czech Republic and other European countries. The malware's modus operandi differs significantly from what we have observed so far among banking trojans, successfully evading detection by many "third party" security solutions tailored for end-user protection; however, we can confirm that ThreatMark AFS 2018 can detect all known variants of BackSwap using its behavioral traits detection technique. The BackSwap malware is likely a modification of the older Tinba (Tiny Banker) banking trojan, as they share significant portions of source code. The dropper file is distributed as an infected binary of legitimate freeware such ...


Dockerized Redis performance on CentOS 7.5


ThreatMark AFS (Anti Fraud Suite) is a system that delivers real-time insights into user behavior and the risk associated with every user action within digital banking or similar applications. Like other enterprise systems, AFS uses several open source components. Using such components naturally brings challenges around their deployment, maintenance, and performance. Redis is one of these components. AFS relies on Redis as a cache and as storage for session data, making it a critical piece of our infrastructure. Previously, Redis was deployed, along with the database, on a bare OS (virtualized or bare-metal). In an effort to converge on a cloud native infrastructure, we decided that Redis is a good candidate for dockerization. The initial step is borderline trivial R ...


Another Malware from Spy.Banker Family Attacks Czech Banks


Czech banks are under attack again. To be more specific, their clients are. Using an already proven strategy, a trojan horse called Android/Spy.Banker.AKJ delivers a malicious payload using a trojanized application called Blockers Call 2019. The goal of this malware is to trick the user and perform a fraudulent transaction on their behalf.

Ten-thousand Users Endangered

As said above, this attack aims specifically at customers of several Czech banks who have installed an application called Blockers Call 2019 (com.callblocker.adroid) from Google Play. The application, which was initially a useful tool for blocking unwanted phone calls, has been trojanized. It is similar to the technique we witnessed in the QRecorder case a few months ago. After uploading, Spy.Banker.AKJ (sometimes ...


Attack Vector of Android/Spy.Banker.AIX. Country Specific Malware Aimed at Banking Application

Any application that you have installed on your mobile phone can be a ticking bomb if unprotected. You would not expect that a well-known application like QRecorder, with its 10,000 installs, would seize your credentials, steal authorization SMS messages, and transfer your money to an unknown account. Up until today, almost €78,000 has been stolen.

Setting the Scene

The popular QRecorder application has been available in the Google Play repository for a long time. After the latest update, the application was trojanized. A trojan horse called Android/Spy.Banker.AIX allows an attacker to perform fraudulent transactions on behalf of the client. Following many other affairs with compromised appli ...