Citadel

Pierluigi Paganini July 22, 2017
A Russian man involved in the development and maintenance of Citadel was sentenced to five years in prison

The Russian hacker Mark Vartanyan was sentenced to five years in prison for his involvement in the development and maintenance of the Citadel botnets. It’s a terrific moment for cyber criminals, law enforcement worldwide continues their fight against illegal activities online and the recent shut down of AlphaBay and Hansa black markets demonstrate it. The news of […]

Pierluigi Paganini April 09, 2015
AlienSpy RAT exploited to deliver the popular Citadel Trojan

Security experts at Fidelis firm discovered that variants of the AlienSpy remote access trojan (RAT) are currently being used in global phishing campaigns. Cyber criminals have exploited the AlienSpy RAT to deliver the popular Citadel banking Trojan and maintain the persistence inside the targeted architecture with a backdoor mechanism. Criminal crews used AlienSpy RAT to compromise systems in […]

Pierluigi Paganini August 03, 2014
A new Citadel trojan variant includes different remote management tools to maintain persistence on victims PC

Experts at IBM discovered a new variant of Citadel banking malware which includes different remote management tools to maintain persistence on victims’ PC. Researchers at IBM discovered a new variant of the Citadel banking malware which includes a new interesting feature that allows attackers to maintain persistence in the victim’s machine through remote management tools. Citadel is directly […]

Pierluigi Paganini June 11, 2014
Pandemiya is a written-from-scratch trojan being sold in the underground

RSA Security’s FraudAction team released a report on Pandemiya, a new banking Trojan being sold in hacker forums as an alternative to the popular Zeus. RSA Security’s FraudAction team issued a report on Pandemiya, a banking Trojan being proposed in the underground ecosystem as the most effective alternative to the Zeus banking Trojan. Pandemiya Trojan is being sold for as […]

Pierluigi Paganini June 03, 2014
Gameover Zeus Botnet disrupted by multinational effort

The DoJ and the FBI announced a multinational effort to disrupt the GameOver Zeus botnet responsible for the theft of millions of dollars worldwide. The U.S. DoJ in collaboration with FBI and foreign law enforcement agencies revealed early this week a joint effort to disrupt Gameover Zeus, one of the most long-lived and dangerous botnet composed by a number […]

Pierluigi Paganini November 22, 2013
i2Ninja – A new financial malware being sold on Russian underground

Trusteer researchers have uncovered a sneaky piece of financial malware, known as i2Ninja, being sold on a Russian cyber crime forum. A new financial malware dubbed i2Ninja menaces banking, despite it has yet to be discovered in the wild, researchers at the IBM company Trusteer have found a sneaky piece of the malicious code on […]

Pierluigi Paganini July 25, 2013
KINS trojan is threatening banking sector

KINS trojan is the name of the new banking malware that RSA researchers discovered thanks to an announcement on the Russian black market. Early 2013 RSA discovered traces of a news banking trojan named KINS, security experts have followed the evolution of the malware in the underground community. RSA researchers discovered an announcement on the Russian […]

Pierluigi Paganini May 17, 2013
Group-IB Exclusive details on Kangoo botnet that hit Australian banks

Group-IB researchers have detected a new botnet named Kangoo that infected more than 150 000 machines mainly targeting Australian banks. Group-IB researchers have detected a new botnet named Kangoo that infected more than 150 000 machines, specialists dubbed it «Kangoo» due the presence of  a kangaroo logo on the WEB-interface of the C&C administrative panel. The botnet mainly […]

Pierluigi Paganini February 23, 2013
What does the Poetry with Citadel trojan?

Recently I published an article on the attacks against Japanese banks using a new variant of the popular Zeus, one of the most prolific malware of recent history, security experts in fact have detected various versions of the popular malicious code that hit also mobile and social networking platforms. Due its flexibility the malware has […]

Pierluigi Paganini August 22, 2012
New raise of Citadel malware…banking again under attack

The FBI has launched an alert titled “Citadel Malware Continues to Deliver Reveton Ransomware in Attempts to Extort Money “ One of the sectors most targeted by cyber attacks and by malware is the banking, during the last months we have read several times of agents developed to steal credentials of accounts and to realize complex frauds. […]