Anatsa Malware Targets Android Banking Apps via Play Store Dropper

Pulse ID: 6a3dc75ba89635d5a4540198
Pulse Link: https://otx.alienvault.com/pulse/6a3dc75ba89635d5a4540198
Pulse Author: cryptocti
Created: 2026-06-26 00:27:07

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Android #Bank #CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #bot #cryptocti

Prinz Eugen ransomware: a deep dive into a new Go-based encryptor

Prinz Eugen is a newly discovered Go-based ransomware family first observed in April 2026, attributed to an actor known as ROOTBOY. The encryptor employs sophisticated techniques including ChaCha20-Poly1305 encryption, prioritizes recently modified files to maximize pressure on victims, and implements anti-forensic measures such as memory scrubbing and self-deletion. Unlike typical ransomware, it leaves no ransom note on disk, conducting all extortion communications out-of-band through leak sites and direct contact. The threat actor gains initial access through compromised RDP credentials, uses legitimate RMM tools like RemotePC for persistence, and creates backdoor admin accounts. Victims span multiple countries and sectors, with notable incidents including Standard Bank Group in South Africa and Transitions Pro Centre Val de Loire in France.

Pulse ID: 6a3d416ff54ce39010db1033
Pulse Link: https://otx.alienvault.com/pulse/6a3d416ff54ce39010db1033
Pulse Author: AlienVault
Created: 2026-06-25 14:55:43

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Africa #BackDoor #Bank #ChaCha20 #CyberSecurity #ELF #Encryption #Extortion #France #InfoSec #OTX #OpenThreatExchange #RDP #RansomWare #bot #AlienVault

"Ghost" Code Phishing Analysis

EvilTokens is a sophisticated phishing kit that conceals critical components of its attack through browser-side AES-GCM encryption, creating visibility gaps for traditional static URL analysis. The kit exploits Microsoft's legitimate device login flow through OAuth device-code phishing to gain account access without directly stealing passwords. Targeting organizations primarily in the United States and Europe, EvilTokens focuses on managed security services, technology, manufacturing, education, banking, and consulting sectors. The encrypted landing page only reveals its malicious content after browser decryption, requiring dynamic analysis to uncover the complete attack chain. The kit uses multiple stages including gate checks, user code requests, and session monitoring to complete Microsoft 365 account takeovers while appearing legitimate through final redirects to OneDrive.

Pulse ID: 6a3b02a43a7a626b53174466
Pulse Link: https://otx.alienvault.com/pulse/6a3b02a43a7a626b53174466
Pulse Author: AlienVault
Created: 2026-06-23 22:03:16

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Bank #Browser #CyberSecurity #EDR #Education #Encryption #Europe #InfoSec #Manufacturing #Microsoft #OTX #OpenThreatExchange #Password #Passwords #Phishing #UnitedStates #Word #bot #AlienVault

#Ukraine keeps pulverizing Russian #logistics

So how is #Russia doing internally nowadays?

"Veteran Russian #Communist Party leader #GennadyZyuganov suggested using part of the trillions of rubles held in #bank accounts by households and businesses to support the #economy"

https://www.themoscowtimes.com/2026/06/22/russian-communist-leader-says-trillions-in-bank-deposits-could-be-used-for-economy-a93074

oof

(note: this is controlled opposition. "renegades" are used by the #Kremlin, like #Medvedev's mad dog act on #socialMedia, so #Putin looks "sane" when he proposes something bad but not so bad)

Citizen's Bank has a pretty building in Manchester, NH even if it led the nation in "junk fees" back when my mom had an account there

#photo #photography #buildings #architecture #manchester #nh #newhampshire #bank