Sinowal Trojan Stealing Banking Information

The Sinowal Trojan, also known as Torpig and Mebroot, isn’t new. It was first detected by RSA’s Fraud Action Research Lab in February 2006. But it’s one of the most effective Trojans out there. RSA estimates the Sinowal Trojan has taken the details of 270,000 online bank accounts and 240,000 debit and credit cards from financial institutions in a number of countries, including the US, UK, Australia and Poland. Interestingly, however, RSA has no data on any Russian accounts being hit.

Users are often infected by drive-bys – visiting a site infected with the Sinowal malicious code. Sean Brady of RSA’s security division told the BBC:

"The effect has been really global with over 2000 domains compromised. This is a serious incident on a very noticeable scale and we have seen an increase in the number of Trojans and their variants, particularly in the States and Canada."

According to RSA, whoever is behind the Sinowal Trojan – and they have no idea who that is – keeps releasing new variants in an attempt to avoid detection. But in spite of its danger, it’s just one among many malware attacks that are on the increase.

Using booby-trapped sites is a rapidly growing infection method; Sophos has claimed to be finding over 6,000 newly infected pages daily – that’s one every 14 seconds. Fortinet has said that malware attacks between July and September this year rose from 10 million to 30 million.

Digital Trends Staff