Banking malware

cashearner · 18.05.2020

Is there on the market some malware similar to the one that the Lurk group used?
The one that changes the receiver and the account number without user noticing it when doing payments.

rlz · 20.05.2020

You mean to say something like Crypto address changing bot?

cashearner · 20.05.2020

No. Like changing account no. and recipient in the background while the users sees the recipient and the numbers he entered previesly on the screen. The malware deducts the sum the user entered from the available funds and copies the receivers info and account no. and makes a frame on top of the screen. But the real recipient and the real sum are underneath and they are authorized without user knowing.

rlz · 20.05.2020

I guess you are looking for automated web injects then. Many are using evilgnix and modilshka for something like that with phishing pages )

cashearner · 20.05.2020

Yea, I guess. But as far as I know, evilginx generated links are getting detected by chrome now..

givirus · 20.05.2020

cashearner сказал(а):

Yea, I guess. But as far as I know, evilginx generated links are getting detected by chrome now..

So evilginx is useless now?

cashearner · 21.05.2020

givirus сказал(а):

So evilginx is useless now?

I was testing it a month ago and it worked on Firefox, but Chrome was giving a warning that "Connection is not private"

givirus · 21.05.2020

[QUOTE = "cashearner, post: 228578, member: 183454"]
I was testing it a month ago and it worked on Firefox, but Chrome was giving a warning that "Connection is not private"
[/ QUOTE]
Bro, because you didn't have any SSL certificate installed. Install a SSL certificate and try after that.

cashearner · 23.05.2020

givirus сказал(а):

[QUOTE = "cashearner, post: 228578, member: 183454"]
I was testing it a month ago and it worked on Firefox, but Chrome was giving a warning that "Connection is not private"
[/ QUOTE]
Bro, because you didn't have any SSL certificate installed. Install a SSL certificate and try after that.

The certificate was succesufully installed. I got the link, but chrome gave some kind of warning. Maybe it was not about connection. There was no warning for the first day or two, but after it got detected...

MrMillionaire · 24.05.2020

[QUOTE = "cashearner, post: 229173, member: 183454"]
The certificate was succesufully installed. I got the link, but chrome gave some kind of warning. Maybe it was not about connection. There was no warning for the first day or two, but after it got detected ...
[/ QUOTE]
Now it's detected, you can search that companies started to block modlishka & evilginx2 domains

givirus · 24.05.2020

[QUOTE = "MrMillionaire, post: 229206, member: 197283"]
[QUOTE = "cashearner, post: 229173, member: 183454"]
The certificate was succesufully installed. I got the link, but chrome gave some kind of warning. Maybe it was not about connection. There was no warning for the first day or two, but after it got detected ...
[/ QUOTE]
Now it's detected, you can search that companies started to block modlishka & evilginx2 domains
[/ QUOTE]
And what can we do? What are the options?

phasm · 14.06.2020

You can simply set-up your own SMTP server and use an external agent to hook/deliver. Evilginx was nice because of the simple phishlets you could generate on the fly.. however stuff like that will eventually get blocked because its open source.
You can find numerous other proxies + servers to use. However if you're going after companies, it would be use to servers located in that safe area of rest.

rlz · 23.06.2020

Want to know the setup of modlishka & evilginx2 domains with first barrier with some TDS or other similar service to block the not necessary traffic. That will not work?

Banking malware

cashearner

(L3) cache

rlz

RAID-массив

cashearner

(L3) cache

rlz

RAID-массив

cashearner

(L3) cache

givirus

(L2) cache

cashearner

(L3) cache

givirus

(L2) cache

cashearner

(L3) cache

MrMillionaire

ripper

givirus

(L2) cache

phasm

RAID-массив

rlz

RAID-массив