New variant of Java RAT can use your Android device to mine Litecoin

A new variant of old Java RAT "UNRECOM" is being distributed via spam emails, detected by TrendMicro.

One such spam mail is pretending to be from American Express, informs recipients that their account have been suspended due to suspicious activity.

"Attached to this mail is your statement with the irregular activities highlighted. Please fill in the required information in the form also attached, this is required for us to continue to offer you service in a safe and risk free environment" The spam mail reads.

The attachment is none other than the Java Remote Access Trojan.


So, What is New ?
We aware this Java RAT can run on multiple platforms.  Now, it is capable of running on Android Devices. It has also Litecoin-mining plugin.  Other than that, it can capture screenshots and display messages.

In addition, the malware has also APK binder component, means it can be used to take legitimate android apps and turn them into malware.

Android malware iBanking helps attackers to hack Facebook account

An attacker can't hack a facebook account which has enabled two-step authentication, even if he know the username and password.  But, if you think Two-Step authentication is enough to keep your faebook account safe from hackers, Think Again!

Cyber criminals have started to use Android Banking Trojan "iBanking" to bypass Facebook's two-factor verification.

iBanking is malicious android application capable of intercepting SMS messages, forwarding incoming voice calls to any number and record victim's voice using mic.

Recently, RSA noted the release of source code for the iBanking trojan.  This source code leak helped other cyber criminals to customize this trojan according to their needs.

ESET reports that a customized iBanking malware targeting Facebook users is being delivered via a new variant of Computer Banking Trojan Qadars 

When a system is infected with Qadars Trojan, it will show a message when user is logging into Facebook telling them "Facebook introduces new extra safety protection system" and instructs them to install an android app.  This app will help cybercriminals to intercept SMS so that they can bypass the Facebook's two-factor verification.

"The way iBanking is installed on the user’s mobile is quite common, but it is the first time we have seen such a mobile application targeting Facebook users for account fraud." Researchers said.

Android malware steals money from QIWI Wallets

Cyber criminals are continually finding new ways to earn money using infected devices.  We aware of SMS Trojans that earn money by sending out premium-rated messages from the infected android devices.

Experts at Kaspersky have recently spotted a new Android Trojan that not only send SMSs to premium-rate numbers but also steals money from QIWI electronic wallet.

Visa QIWI Wallet is electronic payment service can be used to pay for goods and services around the world, receive payments, and transfer money.

Once installed on a device, the malware, dubbed as 'Waller', attempts to communicate with Command and control (C& C) server located at playerhome.info and awaits further commands.

Malware is capable of checking the balance of infected phone by sending SMS to mobile network operator and intercepts the reply, send SMS, open web pages, download and install other malware.  It is also capable of updating itself and send SMS to victim's contact list.

This trojan also checks the balance in the QIWI Wallet by sending an SMS to 7494.  The response messages is intercepted by the trojan and forwarded to the cyber criminals.  If there is money in the Wallet, the malware will send message to 7494 with attacker's wallet number and the amount to be transferred.

The Trojan is being distributed via SMS spam and cybercriminal's site disguising as various applications.

Malware uses Your Phone to generate virtual currency for cybercriminals


Is your android mobile phone often overheating or the battery draining faster than normal? There are chances that your mobile phone is infected with a malware that will use your phone to generate money for cyber criminals.

Researchers at Lookout have spotted a new piece of malware targeting android devices on some spanish forums that distributes pirated software.

This malware, referred as 'CoinKrypt', is not designed to steal any information from the infected devices.  However, that doesn't mean that it is not harmful.  It will use the maximum computation power of your device to generate virtual currencies.

It will result in the infected device getting overheated and will affect the battery life.

The malware appears to be targeting only newer virtual currencies such as Litecoin, Dogecoin, Casinocoin.  Since, one will need high computing power to generate the popular and most valuable virtual currency 'Bitcoin', the cyber criminals didn't include the bitcoin mining process in this malware.

At this time, it is almost one million times easier to mine Litecoin than Bitcoin and over 3.5 million times easier to mine Dogecoin. Even though these newer coins are not as valuable as Bitcoins(1BTC is around $650, 1LTC is reaching $20), cyber criminals are probably hoping that one day they will reach high value like Bitcoins.

Variant of Zbot makes money for cybercriminals via pay-per-click ads


Zeus(ZBot) is the notorious trojan known for stealing login credentials associated with online banking, continues to evolve.

A new variant spotted by TrendMicro security researchers is doing totally different task than other variants.  This variant displays websites containing advertisements..

Every time user try do something on the infected machine, these websites will get occupied on the entire screen preventing user from accessing other windows or files.

Even though victim can access the desktop by pressing the 'show desktop' shortcut(win+d),  but the websites still being displayed in the background.

"It should be noted that the sites being displayed are all legitimate–running from gaming sites, ticketing sites, music sites to search engines." researcher said.

"Users can actually navigate these displayed sites. One curious feature of this malware is that it also performs various mouse movements and scrolling when the mouse is idle."

Interestingly, this variant doesn't include a module to steal banking credentials.  However, it achieves the main goal of stealing credentials - making money for cyber criminals.

Dendroid, a new Android malware toolkit

Number of malware for Android platform is increasing day by day.  Cybercriminals trying to sell android-malware toolkit to others.  The first Android Remote admin tool is AndroRAT which is believed to first ever malware APK binder.

Symantec researchers have come to know another android malware toolkit called "Dendroid" is being sold in the underground forums.

A cybercriminal going by online handle "soccer" in the underground forum is selling this HTTP based RAT which is said to be having many malicious features.

The toolkit is able to create malicious apk file capable of 'deleting call logs', 'call to any number', 'open webpages', 'record calls', 'intercept sms', 'take and upload photos&videos', 'dos attack'.

Researchers say the cybercriminal also offer 24/7 support for this RAT.  Others can buy this toolkit by paying $300 through crypto currencies such as Bitcoins, Litecoins.

Experts have mentioned that this RAT has some link with the previous AndroRAT saying "the author of the Dendroid APK binder included with this package had assistance writing this APK binder from the author of the original AndroRAT APK binder.   "