2022, Blog, Cybercrime and Malware - Cyber Security Informer

ZingoStealer crimeware released for free in the cybercrime ecosystem

Security Affairs

APRIL 15, 2022

The cybercrime gang has been active since at least January 2020. The malware is also able to steal details from cryptocurrency wallets and load additional malware to conduct malicious operations. “It features the ability to steal sensitive information from victims and can download additional malware to infected systems.

Cybercrime

Cybercrime Malware Cryptocurrency Hacking

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. One of Megatraffer’s ads on an English-language cybercrime forum. WHO IS MEGATRAFFER? account on Carder[.]su su from 2008.

Malware

Malware Cybercrime Software Accountability

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

Security Affairs

MAY 20, 2023

FIN7 is a Russian criminal group (aka Carbanak ) that has been active since mid-2015, it focuses on restaurants, gambling, and hospitality industries in the US to harvest financial information that was used in attacks or sold in cybercrime marketplaces. They then use OpenSSH and Impacket to move laterally and deploy Clop ransomware.

Cybercrime

Cybercrime Ransomware Security Intelligence Hacking

New Lobshot hVNC malware spreads via Google ads

Security Affairs

MAY 1, 2023

The previously undetected LOBSHOT malware is distributed using Google ads and gives operators VNC access to Windows devices. Threat actors are using an elaborate scheme of fake websites through Google Ads to spread their malware, the backdoors are embedded in installers for apparently legitimate applications, such as AnyDesk.

Malware

Malware Cybercrime Banking Software

Cybercrime group exploits Windows zero-day in ransomware attacks

Security Affairs

APRIL 11, 2023

The experts pointed out that while the majority of zero-days they have discovered in the past were used by APT groups, this zero-day was exploited by a sophisticated cybercrime group. This group is known to have used similar CLFS driver exploits in the past that were likely developed by the same author.

Cybercrime

Cybercrime Ransomware Education Media

Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers

Security Affairs

JUNE 12, 2022

Ransomware gangs are actively exploiting CVE-2022-26134 remote code execution (RCE) flaw in Atlassian Confluence Server and Data Center. Multiple ransomware groups are actively exploiting the recently disclosed remote code execution (RCE) vulnerability, tracked as CVE-2022-26134 , affecting Atlassian Confluence Server and Data Center.

Ransomware

Ransomware Encryption Malware Hacking

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion. Experts pointed out that the malware is being actively developed. The botnet was first discovered by Fortinet in March, the DDoS botnet targeted several routers and web servers by exploiting known vulnerabilities.

Malware

Malware DDOS IoT Cybercrime

Ransomware activity and network access sales in Q3 2022

Security Affairs

NOVEMBER 1, 2022

KELA identified around 600 victims by analyzing ransomware actors’ blogs and negotiation portals, data leak sites and public reports. Compared to the second quarter of 2022, the activity decreased by 8%, falling from July to August but increasing from August to September. SecurityAffairs – hacking, cybercrime).

Ransomware

Ransomware Cybercrime Hacking Information Security

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

Security Affairs

APRIL 24, 2023

It is interesting to note that the domain was also hosting malware a variant of the TrueBot malware. .” The researchers noticed that the domain hosting the tools employed in the attack, windowservicecemter[.]com, com, was registered on April 12, 2023.

Cybercrime

Cybercrime Software Education Ransomware

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Krebs on Security

JANUARY 24, 2023

Denis Emelyantsev , a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. Kloster’s blog enthused. “We A copy of the passport for Denis Emelyantsev, a.k.a.

Cybercrime

Cybercrime Advertising IoT Malware

McAfee Enterprise & FireEye 2022 Threat Predictions

McAfee

OCTOBER 26, 2021

What cyber security threats should enterprises look out for in 2022? Skilled engineers and security architects from McAfee Enterprise and FireEye offer a preview of how the threatscape might look in 2022 and how these new or evolving threats could potentially impact the security of enterprises, countries, and civilians.

Cybercrime

Cybercrime Ransomware Risk B2C

The Stark Truth Behind the Resurgence of Russia’s Fin7

Krebs on Security

JULY 10, 2024

The Russia-based cybercrime group dubbed “ Fin7 ,” known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. Malwarebytes blogged about a similar campaign in April, but did not attribute the activity to any particular group.

Phishing

Phishing Cybercrime Malware Software

APT trends report Q3 2022

SecureList

NOVEMBER 1, 2022

This is our latest installment, focusing on activities that we observed during Q3 2022. We can confirm a Maui ransomware incident in 2022, but we would expand their “first seen” date from the reported May 2021 to April 15, 2021, and the geolocation of the target to Japan and India. The most remarkable findings.

Malware

Malware Ransomware Spyware Encryption

Let’s give a look at the Dark Web Price Index 2022

Security Affairs

JUNE 15, 2022

PrivacyAffairs released the Dark Web Index 2022, the document provides the prices for illegal services/products available in the black marketplaces. The document updates the information provided in the Dark Web Index 2022 report. The document updates the information provided in the Dark Web Index 2022 report. Pierluigi Paganini.

Identity Theft

Identity Theft Accountability DDOS Cybercrime

North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware

Security Affairs

APRIL 25, 2023

North Korea-linked APT group BlueNoroff (aka Lazarus) was spotted targeting Mac users with new RustBucket malware. Researchers from security firm Jamf observed the North Korea-linked BlueNoroff APT group using a new macOS malware, dubbed RustBucket, family in recent attacks. The trojan can run on both ARM and x86 architectures.

Malware

Malware Social Engineering Architecture Education

Nation States Will Weaponize Social and Recruit Bad Guys with Benefits in 2022

McAfee

OCTOBER 31, 2021

McAfee Enterprise and FireEye recently released its 2022 Threat Predictions. In this blog, we take a deeper dive into the continuingly aggressive role Nation States will play in 2022. By getting an executive on the hook, they could potentially convince them to download a job spec that is malware. By Raj Samani.

Cybercrime

Cybercrime Government Malware Media

Hackers are taking advantage of the interest in generative AI to install Malware

Security Affairs

MAY 3, 2023

Threat actors are using the promise of generative AI like ChatGPT to deliver malware, Facebook parent Meta warned. Threat actors are taking advantage of the huge interest in generative AI like ChatGPT to trick victims into installing malware, Meta warns. ” reads the Meta’s Q1 2023 Security Reports.

Malware

Malware Education Accountability Media

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

Security Affairs

APRIL 24, 2023

EvilExtractor is a new “all-in-one” info stealer for Windows that is being advertised for sale on dark web cybercrime forums. The malware environment checking and Anti-VM functions. FortiGuard Labs observed this malware in a phishing email campaign on 30 March, which we traced back to the samples included in this blog.”

Cybercrime

Cybercrime Malware Education Phishing

Bumblebee, a new malware loader used by multiple crimeware threat actors

Security Affairs

APRIL 28, 2022

Threat actors have replaced the BazaLoader and IcedID malware with a new loader called Bumblebee in their campaigns. Cybercriminal groups that were previously using the BazaLoader and IcedID as part of their malware campaigns seem to have adopted a new loader called Bumblebee. It is used by multiple cybercrime threat actors.”

Malware

Malware Cybercrime Encryption Hacking

AdSense fraud campaign relies on 10,890 sites that were infected since September 2022

Security Affairs

FEBRUARY 14, 2023

The threat actors behind a massive AdSense fraud campaign infected 10,890 WordPress sites since September 2022. In November 2022, researchers from security firm Sucuri reported to have tracked a surge in WordPress malware redirecting website visitors to fake Q&A sites via ois[.]is. ” concludes the report.

Malware

Malware DDOS Hacking Cryptocurrency

Who Wants to Become a Guest Blogger At This Blog?

Security Boulevard

NOVEMBER 2, 2022

Dear blog readers, Do you know a lot about information security cybercrime research OSINT and threat intelligence gathering including cyber threat actors research? Who is Dancho Danchev and what is Dancho Danchev's Blog? The post Who Wants to Become a Guest Blogger At This Blog? Stay tuned!

Cybercrime

Cybercrime InfoSec Cyber threats Accountability

Symbiote, a nearly-impossible-to-detect Linux malware?

Security Affairs

JUNE 9, 2022

Researchers uncovered a high stealth Linux malware, dubbed Symbiote, that could be used to backdoor infected systems. Once the malware has infected all the running processes, it provides the threat actor with rootkit capability and supports data-stealing capabilities. “Symbiote is a malware that is highly evasive.

Malware

Malware DNS Antivirus Passwords

Threat actors target the infoSec community with fake PoC exploits

Security Affairs

MAY 22, 2022

Researchers uncovered a malware campaign targeting the infoSec community with fake Proof Of Concept to deliver a Cobalt Strike beacon. Researchers from threat intelligence firm Cyble uncovered a malware campaign targeting the infoSec community. The malware, disguised as a fake PoC code, was available on GitHub.

InfoSec

InfoSec Malware Cybercrime Information Security

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Krebs on Security

SEPTEMBER 24, 2022

A native of Omsk, Russia, Kloster came into focus after KrebsOnSecurity followed clues from the RSOCKS botnet master’s identity on the cybercrime forums to Kloster’s personal blog , which featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world.”

Cybercrime

Cybercrime Data breaches Malware Ransomware

Nation-state malware could become a commodity on dark web soon, Interpol warns

Security Affairs

MAY 24, 2022

Interpol Secretary warns that nation-state malware will become available on the cybercrime underground in a couple of years. In the ongoing conflict between Russia and Ukraine, the malware developed by both nation-state actors and non state actors represents a serious risk for critical infrastructure and organizations worldwide.

Malware

Malware Cybercrime Government Engineering

Google obtained a temporary court order against CryptBot distributors

Security Affairs

APRIL 28, 2023

to disrupt the operations of the CryptBot malware, which experts estimate infected approximately 670,000 computers this past year. Google targeted the distributors of the malware who are paid to spread and deliver the malicious code and infect a larger number of systems as possible. ” reads the announcement published by Google.

Malware

Malware Cybercrime Cryptocurrency Media

Iranian govt uses BouldSpy Android malware for internal surveillance operations

Security Affairs

MAY 1, 2023

Iranian authorities have been spotted using the BouldSpy Android malware to spy on minorities and traffickers. Despite BouldSpy spyware supports ransomware capabilities, Lookout researchers have yet to see the malicious code using them, a circumstance that suggests the malware is under development or it is a false flag used by its operators.

Surveillance

Surveillance Malware Spyware Accountability

Experts discover over 451 clipper malware-laced packages in the PyPI repository

Security Affairs

FEBRUARY 14, 2023

Threat actors published more than 451 unique malware-laced Python packages on the official Python Package Index (PyPI) repository. Phylum researchers spotted more than 451 unique Python packages on the official Python Package Index (PyPI) repository in an attempt to deliver clipper malware on the developer systems.

Malware

Malware Cryptocurrency Hacking Software

Tax preparation and e-file service eFile.com compromised to serve malware

Security Affairs

APRIL 5, 2023

The eFile.com online service, which is authorized by the US Internal Revenue Service (IRS), was spotted serving malicious malware to visitors. eFile.com , the personal online tax preparation and e-file service authorized by the US Internal Revenue Service (IRS), was spotted serving malware to visitors.

Malware

Malware Education Media Hacking

BRATA Android Malware evolves and targets the UK, Spain, and Italy

Security Affairs

JUNE 20, 2022

The developers behind the BRATA Android malware have implemented additional features to avoid detection. The operators behind the BRATA Android malware have implemented more features to make their attacks stealthy. “TAs are modifying their code in order to tailor their malware on specific banking institutions.

Malware

Malware Banking Antivirus Phishing

Malware campaign hides a shellcode into Windows event logs

Security Affairs

MAY 7, 2022

Experts spotted a malware campaign that is the first one using a technique of hiding a shellcode into Windows event logs. In February 2022 researchers from Kaspersky spotted a malicious campaign using a novel technique that consists of hiding the shellcode in Windows event logs. We will continue to monitor similar activity.”

Malware

Malware Encryption Hacking Cybersecurity

Threat actors target law firms with GootLoader and SocGholish malware

Security Affairs

MARCH 2, 2023

Cyber criminals are targeting law firms with GootLoader and FakeUpdates (aka SocGholish) malware families. The firms were targeted as part of two distinct campaigns aimed at distributing GootLoader and FakeUpdates (aka SocGholish) malware. One campaign attempted to infect law firm employees with the GootLoader malware.

Malware

Malware Ransomware Engineering Hacking

A flaw in the Kyocera Android printing app can be abused to drop malware

Security Affairs

APRIL 13, 2023

Security experts warn that a Kyocera Android printing app is vulnerable to improper intent handling and can be abused to drop malware. An improper intent handling issue affecting the Kyocera Android printing app can allow malicious applications to drop malware.

Malware

Malware Mobile Education Media

Security Roundup August 2022

BH Consulting

AUGUST 9, 2022

Microsoft’s extensive blog has more details. The Register said the move is aimed at shutting down popular attack vectors for many cybercriminals to infiltrate systems, pilfer data and install malware. UCD is already known for its work in digital forensics and cybercrime investigation. Sign up here.

Cybercrime

Cybercrime Accountability Phishing Authentication

ERMAC 2.0 Android Banking Trojan targets over 400 apps

Security Affairs

MAY 27, 2022

According to the experts, ERMAC is operated by threat actors behind the BlackRock mobile malware. The malware is available for rent on underground forums for $5000 per month since March 2022. Available for rent on underground forums for $5K/month since March 2022, ERMAC 2.0 A new #Android banker ERMAC 2.0 “ERMAC 2.0

Banking

Banking Malware Cybercrime Phishing

NetDooka framework distributed via a pay-per-install (PPI) malware service

Security Affairs

MAY 6, 2022

Researchers discovered a sophisticated malware framework, dubbed NetDooka, distributed via a pay-per-install (PPI) malware service known as PrivateLoader. The PrivateLoader malware is a downloader used by threat actors for downloading and installing multiple malware. ” reads a report published by Trend Micro.

Malware

Malware Antivirus DDOS Hacking

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Security Affairs

APRIL 30, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter ) The post Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition appeared first on Security Affairs.

Cybercrime

Cybercrime Malware Hacking Accountability

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Security Affairs

APRIL 23, 2022

The malicious code will download, create on disk and run the malicious DLL “pe.dll” The last stage malware installed on the infected systems is a Cobalt Strike Beacon that allows attackers to take over them. To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook.

Phishing

Phishing Cybercrime Ransomware Encryption

Eternity Project: You can pay $260 for a stealer and $490 for a ransomware

Security Affairs

MAY 15, 2022

Researchers at cybersecurity firm Cyble analyzed a Tor website named named ‘Eternity Project’ that offers for sale a broad range of malware, including stealers, miners, ransomware, and DDoS Bots. The channel was used to share information about malware listings and updates. SecurityAffairs – hacking, malware).

Ransomware

Ransomware DDOS Cybercrime Malware

Security Affairs newsletter Round 369 by Pierluigi Paganini

Security Affairs

JUNE 12, 2022

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). Every week the best security articles from Security Affairs for free in your email box.

Ransomware

Ransomware DNS Cybercrime Hacking

Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition

Security Affairs

APRIL 9, 2023

billion rubles. Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter newsletter) The post Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition appeared first on Security Affairs.

Computers and Electronics

Computers and Electronics Backups Cybercrime Marketing

Lockbit ransomware gang claims to have hacked cybersecurity giant Mandiant

Security Affairs

JUNE 6, 2022

Mandiant is investigating the claims of the ransomware gang, the cybercrime group declared to have stolen 356841 files from the company and plans to leak them online. The gang plans to release the stolen files on 06 June, 2022 at 22:35:00. ’ At this time, the domain mandiantyellowpress[.]com ransomware to evade sanctions.

Hacking

Hacking Ransomware Cybersecurity Cybercrime

FBI and Ukrainian police seized 9 crypto exchanges used by cybercriminals

Security Affairs

MAY 2, 2023

“Through exchanges, attackers channeled assets obtained as a result of malware attacks (cryptoviruses) and online fraud. ” Many of these services are advertised on cybercrime forums, the services were offering support in both Russian and English. Exchange services were advertised on closed hacker forums.”

Cybercrime

Cybercrime Cryptocurrency Advertising Education

A cracked copy of Brute Ratel post-exploitation tool leaked on hacking forums

Security Affairs

SEPTEMBER 29, 2022

The Brute Ratel post-exploitation toolkit has been cracked and now is available in the underground hacking and cybercrime communities. Threat actors have cracked the Brute Ratel C4 (BRC4) post-exploitation toolkit and leaked it for free in the cybercrime underground. On 13 September 2022, an archive file called “bruteratel_1.2.2.Scandinavian_Defense.tar.gz”

Hacking

Hacking Cybercrime Ransomware Antivirus

ZingoStealer crimeware released for free in the cybercrime ecosystem

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Trending Sources

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

New Lobshot hVNC malware spreads via Google ads

Cybercrime group exploits Windows zero-day in ransomware attacks

Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers

EnemyBot malware adds new exploits to target CMS servers and Android devices

Ransomware activity and network access sales in Q3 2022

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

Administrator of RSOCKS Proxy Botnet Pleads Guilty

McAfee Enterprise & FireEye 2022 Threat Predictions

The Stark Truth Behind the Resurgence of Russia’s Fin7

APT trends report Q3 2022

Let’s give a look at the Dark Web Price Index 2022

North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware

Nation States Will Weaponize Social and Recruit Bad Guys with Benefits in 2022

Hackers are taking advantage of the interest in generative AI to install Malware

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

Bumblebee, a new malware loader used by multiple crimeware threat actors

AdSense fraud campaign relies on 10,890 sites that were infected since September 2022

Who Wants to Become a Guest Blogger At This Blog?

Symbiote, a nearly-impossible-to-detect Linux malware?

Threat actors target the infoSec community with fake PoC exploits

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Nation-state malware could become a commodity on dark web soon, Interpol warns

Google obtained a temporary court order against CryptBot distributors

Iranian govt uses BouldSpy Android malware for internal surveillance operations

Experts discover over 451 clipper malware-laced packages in the PyPI repository

Tax preparation and e-file service eFile.com compromised to serve malware

BRATA Android Malware evolves and targets the UK, Spain, and Italy

Malware campaign hides a shellcode into Windows event logs

Threat actors target law firms with GootLoader and SocGholish malware

A flaw in the Kyocera Android printing app can be abused to drop malware

Security Roundup August 2022

ERMAC 2.0 Android Banking Trojan targets over 400 apps

NetDooka framework distributed via a pay-per-install (PPI) malware service

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Eternity Project: You can pay $260 for a stealer and $490 for a ransomware

Security Affairs newsletter Round 369 by Pierluigi Paganini

Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition

Lockbit ransomware gang claims to have hacked cybersecurity giant Mandiant

FBI and Ukrainian police seized 9 crypto exchanges used by cybercriminals

A cracked copy of Brute Ratel post-exploitation tool leaked on hacking forums

Stay Connected