Hackers are reportedly targeting 59 banking, fintech and cryptocurrency platforms while spreading through popular applications such as WhatsApp and Outlook.
A trojan called TCLBanker is hitting Windows systems through tainted Microsoft installation packages, reports BleepingComputer.
It was discovered by Elastic Security Labs, whose researchers believe it is a major evolution of the older Maverick and Sorvepotel malware family.
The report says TCLBanker checks infected devices for timezone, keyboard layout and locale. The malware includes worm modules that allow it to spread automatically through WhatsApp and Microsoft Outlook.
Once a targeted site is opened, the malware creates a WebSocket session with its command-and-control server and begins remote control operations.
The malware’s operator capabilities include live screen streaming, screenshots, keylogging, clipboard hijacking, shell command execution, file system access and remote mouse and keyboard control.
TCLBanker also uses fake overlay screens to collect credentials, PINs, phone numbers and other sensitive information. Those overlays can include fake credential prompts, PIN keypads, bank support waiting screens, Windows Update screens and fake progress screens.
BleepingComputer says TCLBanker appears to be targeting apps in Brazil. The malware monitors a victim’s browser address bar every second, watching for visits to any of its 59 targeted platforms.
The post Hackers Targeting 59 Banking, Fintech and Crypto Platforms, Stealing Credentials, PINs and More: Report appeared first on The ICD.