Historically High Q2 for Mobile Banking Trojan: Mobile banking Trojan is ranked as the top security problem in the second quarter of 2018, which do includes the threats from a new cyber-espionage group, “Operation Parliament,” which is specially targeting the high profile companies of Middle East and North Africa, especially Palestine, according to researchers at Kaspersky Lab.
Kaspersky Lab has published its Q2 IT Threat Evolution Report, and as well mobile banking Trojans which are topped the list of cyber headaches in Q2 2018, which is reaching an all the time of high of more than 61,000 installation packages for mobile banking. Those numbers represent more than Q1 2018. Out of all malware, US users were most often attacked with mobile banking malware in Q2.
By imitating other types of attack groups, the Operation Parliament has remained under the rader, which took care to verify the victim devices that were affected. “The attacker, which started early in 2017, target parliament, senates, top state offices and officials, political sciences scholars, military and intelligence agencies, ministries, media outlets, research centers, election commission, Olympic organizations, large trading companies and others,” Kaspersky Lab research wrote in today’s post.
Another operation, ZooPark, which has also targeted the Middle East with several variations of malware specifically aimed at Android devices which were using two distribution vectors: telegram channels and watering holes. In the latest version, the researchers have noted that more complex spyware, who suggested that it may have been purchased from a surveillance tools vendors.
The report has also noted that the continued use of VPNFilter, also tends to infect different types of malwares that can infect routers, In addition to an ongoing campaign in Central Asia attributed to Chinese-speaking threat actor LuckyMouse. Additionally, the continued tracking of Olympic Destroyer revealed that it has started a new campaign.
“Our telemetry, and the characteristics of the spear-phishing documents we have analyzed, indicate that the attacker behind Olympic Destroyer are now targeting financial and biotechnology related organizations based in Europe — specifically, Russia, the Netherlands, Germany, Switzerland and Ukraine,” researcher wrote.