Emerging Threats

Our musings on navigating the ever-evolving cyber & physical threat landscapes.

Malware Loaders Continue to Evolve, Proliferate

Loaders, for the most part, have one job: grab malicious executables or payloads from an attacker-controlled server. But that doesn’t mean there isn’t more happening under the hood of some, such as a user-friendly UI, self-healing capabilities, or the equivalent of a retail shop where a botmaster can sell his bots to potential clients. Loaders […]

Peer-to-Peer Cryptocurrency Exchanges Abused in Cash-Out Schemes

By Flashpoint Analyst Team
July 16, 2018

Cybercriminals responding to security measures such as Know-Your-Customer implemented by Coinbase and other reputable cryptocurrency exchanges have begun to abuse legitimate peer-to-peer exchanges instead to convert or launder stolen funds. Flashpoint analysts have observed a growing number of underground discussions and specific recommendations around certain peer-to-peer services that threat actors consider valuable for converting cash […]

Banco de Chile ‘MBR Killer’ Reveals Hidden Nexus to Buhtrap Malware Kit Used to Target Financial Institutions, Payment Networks

Wiper malware that may have destroyed as many as 9,000 workstations and 500 servers inside the Banco de Chile in a late-May attack has similarities to the Buhtrap malware component known as MBR Killer, leaked to the underground in February 2016. Analysts at Flashpoint reverse-engineered the identified malware linked to the May 24 attack against […]

SIM Swap Fraud Offers Account Takeover Opportunities for Cybercriminals

By Flashpoint Analyst Team
June 8, 2018

Key Takeaways: The term SIM swapping has historically referred to phone number takeover using a variety of different methods. These have included password reuse, social engineering of customer service professionals, and using leaked databases and personal information (such as Social Security numbers (SSNs)) to facilitate phone line takeover. More recently, observed online activity suggests […]

Targeting Popular Job Recruitment Portals About More Than PII

Job listing and recruitment portals have been an attraction for cybercriminals given the volume of personal information uploaded to those sites in the form of resumes, cover letters and other data specific to individuals. But there’s more to criminals’ interest than just stealing personally identifiable information. Security shortcomings on some of these sites can expose […]

Card Shops Endure as a Primary Method of Fraud

Underground card shops endure because they are the epitome of a centralized criminal economy. At their highest levels, card shops are stood up by an established infrastructure, a team accountable for the product, and reputations that translate to revenue. Despite many gains by the law enforcement and private-sector research communities, card shops figure to remain […]

Trickbot and IcedID Botnet Operators Collaborate to Increase Impact

Different banking malware operations previously competed for victims, often seeking out and uninstalling one another upon compromising machines; for example, the SpyEye malware would uninstall Zeus upon infection. Now, in what may indicate a shift toward more collaboration among cybercrime groups, the operators of the IcedID and TrickBot banking Trojans appear to have partnered and […]

Latin American “Bineros” Ramping Up Fraudulent Activity

Fraudulent activity among Latin American cybercriminals, known as bineros, continues to plague online streaming services and retailers operating in the region. The source of this death-by-a-thousand-cuts type of fraud is an undetermined issue with the validation of BINs. Bineros operate in Spanish-language (and some Portuguese-language) Latin American underground communities and focus on the hunt for security […]

TreasureHunter Point-of-Sale Malware and Builder Source Code Leaked

The source code for a longstanding point-of-sale (PoS) malware family called TreasureHunter has been leaked on a top-tier Russian-speaking forum. Compounding the issue is the coinciding leak by the same actor of the source code for the malware’s graphical user interface builder and administrator panel. The availability of both code bases lowers the barrier for […]