<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=439793516377641&amp;ev=PageView&amp;noscript=1">


Riltok Mobile Banking Trojan Stealing Credit Card Information with Phishing Ads

Riltok is a mobile banking Trojan that uses mobile phishing pages to steal credit card information from its victims. Discovered in 2018, Riltok started out solely attacking Russian targets, yet it quickly began attacking victims in other European countries as well. The Trojan is spread via malicious SMS messages, which contain links that direct the victims to a fake website posing as a popular free ad service.

Once on the website, victims are prompted to click and download the Trojan, disguised as the ad service’s mobile app. If downloaded, Riltok connects to its C&C server to exfiltrate device data, and opens a fake Google Play screen or phishing page in a browser, requesting the victim’s bank card details.

Read More

Share this:

ThreatSTOP Introduces New Targets From Bambenek Consulting Feeds

Several new malware families have made recent appearances on the Bambenek Consulting feeds and are now tracked also by ThreatSTOP. These malware families are different in action and in their targets.

Read More

Share this:

Qakbot Is Back & Targeting Banking Credentials

Qakbot, also known as Qbot, is a network worm targeting banking credentials. It propagates by copying itself to network drives and infecting removable drives.

Read More

Share this:

Home Page


see all


  1. ThreatSTOP on YouTube
  2. ThreatSTOP on Twitter