Tag #trojan
  • 05 February 2019 Michał Praszmo #botnet #malware #trickbot #trojan

    Detricking TrickBot Loader

    TrickBot (TrickLoader) is a modular financial malware that first surfaced in October 2016. Almost immediately, researchers noticed similarities with a credential-stealer called Dyre. It is still believed that those two families might’ve been developed by the same actor. But in this article we will not focus …
  • 16 January 2018 Agnieszka Bielec #analysis #android #botnet #malware #trojan

    Analysis of a Polish BankBot

    Recently we have observed campaigns of banking malware for the Android system, which targets Polish users. The malware is a variant of the popular BankBot family, but differs from the main BankBot samples. Its victims were infected by installing a malicious application from Google Play …
  • 24 May 2017 Paweł Srokosz #analysis #emotet #botnet #dhl #malware #trojan

    Analysis of Emotet v4

    Emotet is a modular Trojan horse, which was first noticed in June 2014 by Trend Micro. This malware is related to other types like Geodo, Bugat or Dridex, which are attributed by researchers to the same family. Emotet was discovered as an advanced banker – its first campaign targeted …
  • 30 January 2017 Jarosław Jedynak #analiza #malware #nymaim #trojan

    Nymaim revisited

    Nymaim was discovered in 2013. At that time it was only a dropper used to distribute TorrentLocker. In February 2016 it became popular again after incorporating leaked ISFB code, dubbed Goznym. This incarnation of Nymaim was interesting to us because it gained banking capabilities and became a serious threat …
  • 14 October 2015 Łukasz Siewierski #actors #android #e-banking #malware #postal group #ransomware #trojan

    The Postal Group

    During the SECURE conference we presented our findings about a criminal group, which we called “Postal Group” (“Grupa pocztowa”) based on their modus operandi. Detailed research regarding the group has been gathered in the form of a report available under the link below. During the SECURE conference, we presented a talk …
  • 02 October 2015 Łukasz Siewierski #analysis #android #app overlay #e-banking #GMBot #trojan

    GMBot: Android poor man’s “webinjects”

    Recently, we obtained a sample of a new Android banking trojan, named GMBot, which tries to be self-contained (i.e. does not need a Windows counterpart) and uses application overlay as a poor man’s webinjects substitute. This malware uses known and common techniques, but implements them in a way similar …
  • 03 July 2015 Łukasz Siewierski #Banatrix #e-banking #malware #ransomware #Slave #To nie Thomas #trojan

    Slave, Banatrix and ransomware

    In March 2015, S21sec published their analysis of the new e-banking trojan horse targeting Polish users. They named it “Slave”, because such a string was part of a path to one of the shared libraries. We think (in part thanks to the kernelmode.info thread) that Slave was made by …
  • 03 December 2014 CERT Polska #malware #trojan

    Merry Christmas from the Bailiff Office

    In the last two weeks, the CERT team received multiple reports describing suspicious e-mail messages supposedly coming from the Warszawa Wola (a Warsaw district) Bailiff office. The message contents do not describe the alleged amount due in detail, thus encouraging the recipient of the message to click on the link described …
  • 05 September 2014 CERT Polska #Banatrix #e-banking #malware #trojan

    VBKlip 2.0: no clipboard, but Matrix-like effects

    In the last few weeks we received information about a new kind of malware, similar to the VBKlip malware family. However, while reading these incident reports we got a bit of a science-fiction feeling. Users described that they went to the e-banking site and they tried to perform a wire …
  • 23 January 2014 CERT Polska #e-banking #malware #trojan

    New .NET banking malware (VBKlip): no network usage, no registry entries and no AV detection

    We recently blogged about a new strain of malware called VBKlip. This malware was aimed at Polish online banking users. In the last few days a new, revised version of this malware has resurfaced. This new version is written in .NET and has a few new ideas which seem to …

The CERT Polska team operates within the structures of NASK (Research and Academic Computer Network) — a research institute which conducts scientific studies, operates the national .pl domain registry and provides advanced IT services.