Emerging Threats

Our musings on navigating the ever-evolving cyber & physical threat landscapes.

Trickbot and IcedID Botnet Operators Collaborate to Increase Impact

Different banking malware operations previously competed for victims, often seeking out and uninstalling one another upon compromising machines; for example, the SpyEye malware would uninstall Zeus upon infection. Now, in what may indicate a shift toward more collaboration among cybercrime groups, the operators of the IcedID and TrickBot banking Trojans appear to have partnered and […]

Latin American “Bineros” Ramping Up Fraudulent Activity

Fraudulent activity among Latin American cybercriminals, known as bineros, continues to plague online streaming services and retailers operating in the region. The source of this death-by-a-thousand-cuts type of fraud is an undetermined issue with the validation of BINs. Bineros operate in Spanish-language (and some Portuguese-language) Latin-American underground communities and focus on the hunt for security […]

TreasureHunter Point-of-Sale Malware and Builder Source Code Leaked

The source code for a longstanding point-of-sale (PoS) malware family called TreasureHunter has been leaked on a top-tier Russian-speaking forum. Compounding the issue is the coinciding leak by the same actor of the source code for the malware’s graphical user interface builder and administrator panel. The availability of both code bases lowers the barrier for […]

Threat Actors Shift to Android-Based Carding, Struggle with iOS

By Flashpoint Analyst Team
May 9, 2018

Cybercriminals operating on Russian-language Deep & Dark Web (DDW) forums are demonstrating an increased interest in using mobile operating systems—specifically Android—to evade detection when using stolen payment card data to make fraudulent purchases online, Flashpoint analysts said. Since these schemes, known as carding, are typically carried out using desktop computers, many cybercriminals seem to believe […]

BEC: All We Need is Love and Mules

Business Email Compromise (BEC) scams have for years ensnared executives inside large organizations, including decision-makers at the highest levels who are duped by clever social engineering into transferring sometimes millions of dollars into a fraudulent account. A growing segment of this type of attack, however, plays on the heartstrings of the lonely and preys on […]

Botnet Operators Cash in on Travel Rewards Program Credentials

Flashpoint analysts have been tracking several small specialty shops in the Russian-language underground advertising access to the login credentials of customer accounts for travel and hospitality rewards points programs. Since the observed vendors appear to offer a small number of accounts from a large number of institutions, Flashpoint analysts believe the accounts were obtained incidentally […]

‘Rubella Macro Builder’ Crimeware Kit Emerges on Underground

A crimeware kit dubbed the Rubella Macro Builder has recently been gaining popularity among members of a top-tier Russian hacking forum. Despite being relatively new and unsophisticated, the kit has a clear appeal for cybercriminals: it’s cheap, fast, and can defeat basic static antivirus detection. First offered for sale in late February for the relatively […]

Crypto Elite Down on Blockchain’s Security Applications, Call for Hardware Bug-Disclosure Improvements

April 18, 2018

SAN FRANCISCO—The Cryptographers’ Panel at RSA Conference is an annual table-setter for the security field where the industry’s elders and the best of the next generation make an informal declaration about what’s going to matter for the next 12 months. In a rapid-fire hourlong panel on Tuesday, Ron Rivest, Adi Shamir (the R and S […]

Fraudsters Leverage HTTP Injectors to Steal Internet Access

Threat actors are seeking and exchanging HTTP injectors in order to gain unpaid mobile access to the internet, defrauding service providers and telecommunications companies in the process. Flashpoint analysts have observed widespread chatter pertaining to the use of HTTP injectors, which modify HTTP headers on network requests with malicious code that tricks captive portals into […]