Tag #e-banking
  • 19 June 2018 Hubert Barc #analysis #bank #banker #e-banking #malware

    Backswap malware analysis

    Backswap is a banker, which we first observed around March 2018. It’s a variant of old, well-known malware TinBa (which stands for “tiny banker”). As the name suggests, its main characteristic is small size (very often in the 10-50kB range). In the summary, we present reasoning for assuming …

  • 16 May 2016 Malgorzata Debska #android #e-banking #malware

    GMBot: new ways of phishing data from mobile web browsers

    GMBot (also known as slempo) was described on our blog in October 2015. This malicious application phishes the login and password associated with a specific user of electronic banking using known and common application overlay techniques. It is nothing else but a normal phishing attack, very similar to the …

  • 16 March 2016 Malgorzata Debska #android #e-banking #malware

    Malicious iBanking application with new uninstall countermeasures

    Our CERT laboratory recently received a sample of iBanking malware (along with a malicious JavaScript code snippet associated with it), posing as the mobile Trusteer Rapport antimalware solution. The attack scenario isn’t new; it has been used many times in the past, but recently we see an increase in …

  • 21 January 2016 Malgorzata Debska #e-banking #Firefox #malware

    Banatrix successor – swapping acct numbers with a Firefox add-on

    Our laboratory recently received a sample of malware used for attacks on Polish users of electronic banking. Analysis of this malware gave us reasons to believe that this is software written by the authors of Banatrix (which we discussed in greater detail in our earlier posts), Slave and e-mail …

  • 14 October 2015 Łukasz Siewierski #actors #android #e-banking #malware #postal group #ransomware #trojan

    The Postal Group

    During the SECURE conference we presented our findings about a criminal group, which we called “Postal Group” (“Grupa pocztowa”) based on their modus operandi. Detailed research regarding the group has been gathered in the form of a report available under the link below. PDF During the SECURE conference, we presented a talk …

  • 02 October 2015 Łukasz Siewierski #analysis #android #app overlay #e-banking #GMBot #trojan

    GMBot: Android poor man’s “webinjects”

    Recently, we obtained a sample of a new Android banking trojan, named GMBot, which tries to be self-contained (i.e. does not need a Windows counterpart) and uses application overlay as a poor man’s webinjects substitute. This malware uses known and common techniques, but implements them in a way similar …

  • 03 July 2015 Łukasz Siewierski #Banatrix #e-banking #malware #ransomware #Slave #To nie Thomas #trojan

    Slave, Banatrix and ransomware

    In March 2015, S21sec published their analysis of the new e-banking trojan horse targeting Polish users. They named it “Slave”, because such a string was part of a path to one of the shared libraries. We think (in part thanks to the kernelmode.info thread) that Slave was made by …

  • 16 January 2015 CERT Polska #analysis #android #e-banking #malware

    iBanking is back in Poland

    iBanking malware was already described on our blog in connection with the attacks targeting Polish e-banking users at the end of 2013. This malware posed as a mobile antivirus application, while in reality it was used to steal one-time passwords that were sent via text message. The attack scenario …

  • 05 September 2014 CERT Polska #Banatrix #e-banking #malware #trojan

    VBKlip 2.0: no clipboard, but Matrix-like effects

    In the last few weeks we received information about a new kind of malware, similar to the VBKlip malware family. However, while reading these incident reports we got a bit of a science-fiction feeling. Users described that they went to the e-banking site and they tried to perform a wire …

  • 25 June 2014 CERT Polska #botnet #e-banking #malware

    E-mail trojan attack on Booking.com and online auction website Allegro.pl clients

    During the last few days, we have observed an attack on Polish users of auction website Allegro.pl and a hotel reservation portal – Booking.com. These attacks were directed at Polish users. Victims received a personalized e-mail that informed them that their account has been blocked either due to the …


The CERT Polska team operates within the structures of NASK (Research and Academic Computer Network) — a research institute which conducts scientific studies, operates the national .pl domain registry and provides advanced IT services.
