Kins origin malware with unique ATSEngine.

Uncovering a C&C server used by hackers to control the infected victims. The malware analyses done on victim’s machines reveals that malware from KINS family is targeting specific Italian bank users with ATSEngine, with capability to dynamic inject a code in the victims browser and managing the “drops” in full automatic way. The attack campaign is ongoing right now and we recovered hacked accounts. Beside that we reveal the “drops” used to collect the stolen money from the customers.

Continue reading “Kins origin malware with unique ATSEngine.”

Advertisements

One Shot Eight Banks

Another compromised hostname “https://xxx.com” is acting like drop-zone for stolen data from eight different Italian banks. The analysis of this drop-zone reveal a custom web application focused for info stealing. They steal a credit card details from the infected users using a phishing attack.

Continue reading “One Shot Eight Banks”

Blog at WordPress.com.

Up ↑