Carberp source code leak “could lead to new wave of attacks”
The source code for banking malware Carberp has been released online - raising the possibility of a new wave of attacks using variants of the sophisticated Trojan.
Aleksandr Matrosov reveals changes in banking Trojan Carberp relating to Java/Spy.Banker (AgentX.jar) and gaining remote access using legitimate software as backdoor components.
This paper consolidates information published by ESET and Group-IB researchers on Russian malware that attacks Russian RBS (Remote Banking Systems) transactions: now updated to version 1.1 to include additional material.
Carberp is a unique case, with all the guys who organized really big botnets and made big profits (millions of US dollars) being arrested.
Group-IB and ESET Russia assisted in the investigation that led to the arrest of 6 people suspected of stealing 125m roubles from bank customers in Russia.
The latest research on the Win32 Carberp gang and the technicalities and evolution of the malware, as presented at CARO 2012.
The Blackhole exploit kit has been updated to version 1.2.3 and includes a new exploit for the Java CVE-2012-0507 vulnerability, which ESET calls Java/Exploit.CVE-2012-0507.
Group-IB's joint investigations with the FSB and MVD resulted in the arrest of a gang of eight accused of larceny, creation of malware, and unauthorized access.
Facebook fraud, Carberp, statistics and a DDoS plugin.
"Win32/Carberp: When You're in a Black Hole, Stop Digging" aggregates most of our published material on Carberp into a single resource.
This article examines the relationship between the Black Hole exploit kit and Win32/Carberp.
This month we discovered new information on a new modification in the Win32/TrojanDownloader.Carberp trojan family.
ESET researchers uncover several instances of malware that use various attack vectors to target systems isolated by an air gap.
Sednit is back - this time with two more zero-day exploits embedded in a phishing email titled Trump's_Attack_on_Syria_English.docx.
The Operation Buhtrap campaign targets a wide range of Russian banks, uses several different code signing certificates and implements evasive methods to avoid detection.
It started, innocently enough, as a question asked in the ESET Security Forum titled "Eset – Do I Really Need Antivirus On My Linux Distros?" However, the answer to that seemingly simple question on Linux antivirus is more complex than a simple yes-or-no response.
ESET research on Operation Windigo received an award at Virus Bulletin 2014. Our research on bootkits was also well received, and is now available publicly.
Win32/Corkow is banking malware with a focus on corporate banking users. We can confirm that several thousand users, mostly in Russia and Ukraine, were victims of the Trojan in 2013. In this post, we expand on its unique functionality.
A little-known banking trojan, developed in Russia, has managed to infect thousands of victims' computers without the knowledge of their owners. Graham Cluley takes a closer look.
The first sign we saw of this malware was in mid-May 2013, but it is still very active, and uses Android to bypass two-factor authentication systems. It clearly seeks to infect Dutch computers - 75% of detections come from this region.