Researchers have discovered a new mobile banking Trojan called Crocodilus that targets financial institutions and crypto platforms using sophisticated methods such as remote device control, stealthy overlays, and social engineering. The malware, which has already begun targeting Spanish and Turkish banks, can capture every text change on a device, enabling it to bypass multi-factor authentication. The Trojan has been linked to a threat actor known as “sybra” but researchers suspect it may be available on the underground market.
What are business logic vulnerabilities?
Business logic vulnerabilities in software allow attackers to exploit flaws in design, enabling them to circumvent security measures and manipulate pricing, authentication, and other key
