Antivirus, Cybercrime, Information Security and Malware

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus

Antivirus Malware DNS Cryptocurrency

Romanians arrested for running underground malware services

Security Affairs

NOVEMBER 22, 2020

Two Romanians arrested for running three malware services. Two Romanians have been arrested for running two malware crypter services called CyberSeal and DataProtector, and the CyberScan malware testing service. ” reads the press release published by the Europol. ” continues the press release.

Malware

Malware Antivirus Cybercrime Software

Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus

Security Affairs

AUGUST 27, 2022

Threat actors abused a vulnerable anti-cheat driver for the Genshin Impact video game to disable antivirus software. sys, for the Genshin Impact video game to disable antivirus software. According to Trend Micro, a cybercrime gang abused the driver to deploy ransomware. sys can be integrated into any malware.”

Antivirus

Antivirus Ransomware Malware Cybercrime

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

APRIL 28, 2024

Hackers may have accessed thousands of accounts on the California state welfare platform Brokewell Android malware supports an extensive set of Device Takeover capabilities Experts warn of an ongoing malware campaign targeting WP-Automatic plugin Cryptocurrencies and cybercrime: A critical intermingling Kaiser Permanente data breach may have impacted (..)

Cybercrime

Cybercrime Spyware Data breaches Antivirus

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. “Account accesses for antivirus programs garner the second-highest prices: around $21.67. SecurityAffairs – hacking, cybercrime marketplaces). Pierluigi Paganini.

Cybercrime

Cybercrime Antivirus Marketing Accountability

Info stealers and how to protect against them

Security Affairs

DECEMBER 18, 2023

Info stealers, the type of malware with its purpose in the name, can cripple businesses and everyday users alike. Info stealers, also known as information stealers, are a type of malicious software (malware) designed to covertly collect sensitive and personal information from a victim’s computer or network.

Banking

Banking Cybercrime Malware Accountability

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

Security Affairs

NOVEMBER 3, 2022

It focused on deploying POS malware and launching targeted spear-phishing attacks against organizations worldwide. The DisableAntiSpyware parameter allows disabling the Windows Defender Antivirus in order to deploy another security solution. ” Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Cybercrime

Cybercrime Ransomware Antivirus Malware

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Security Affairs

JUNE 17, 2021

UNC2465 cybercrime group that is affiliated with the Darkside ransomware gang has infected with malware the website of a CCTV camera vendor. “A well-rounded security program is essential to mitigate risk from sophisticated groups such as UNC2465 as they continue to adapt to a changing security landscape.”

Cybercrime

Cybercrime Ransomware Antivirus Software

Symbiote, a nearly-impossible-to-detect Linux malware?

Security Affairs

JUNE 9, 2022

Researchers uncovered a high stealth Linux malware, dubbed Symbiote, that could be used to backdoor infected systems. Joint research conducted by security firms Intezer and BlackBerry uncovered a new Linux threat dubbed Symbiote. “Symbiote is a malware that is highly evasive. ” concludes the report.

Malware

Malware DNS Antivirus Passwords

NetDooka framework distributed via a pay-per-install (PPI) malware service

Security Affairs

MAY 6, 2022

Researchers discovered a sophisticated malware framework, dubbed NetDooka, distributed via a pay-per-install (PPI) malware service known as PrivateLoader. The PrivateLoader malware is a downloader used by threat actors for downloading and installing multiple malware. ” reads a report published by Trend Micro.

Malware

Malware Antivirus DDOS Hacking

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

Security Affairs

JANUARY 16, 2023

Antivirus firm Avast released a free decryptor for the BianLian ransomware family that allows victims to recover locked files. Security firm Avast has released a free decryptor for the BianLian ransomware to allow victims of the malware to recover locked files. It is also recommendable to check the virus vault of your antivirus.

Ransomware

Ransomware Malware Antivirus Encryption

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

Chinese-speaking cybercrime gang Rocke that carried out several large-scale cryptomining campaigns, has now using news tactics to evade detection. Chinese-speaking cybercrime gang Rocke, that carried out several large-scale cryptomining campaigns in past , has now using news tactics to evade detection. Pierluigi Paganini.

Cybercrime

Cybercrime DNS Malware Advertising

Grandoreiro banking malware targets Mexico and Spain

Security Affairs

AUGUST 21, 2022

A new Grandoreiro banking malware campaign is targeting organizations in Mexico and Spain, Zscaler reported. Zscaler ThreatLabz researchers observed a Grandoreiro banking malware campaign targeting organizations in the Spanish-speaking nations of Mexico and Spain. ” reads the post published by Zscaler. Pierluigi Paganini.

Banking

Banking Malware Antivirus Phishing

TrickGate, a packer used by malware to evade detection since 2016

Security Affairs

JANUARY 31, 2023

TrickGate is a shellcode-based packer offered as a service to malware authors to avoid detection, CheckPoint researchers reported. TrickGate is a shellcode-based packer offered as a service, which is used at least since July 2016, to hide malware from defense programs. ” concludes the report.

Malware

Malware Antivirus Manufacturing Healthcare

BRATA Android Malware evolves and targets the UK, Spain, and Italy

Security Affairs

JUNE 20, 2022

The developers behind the BRATA Android malware have implemented additional features to avoid detection. The operators behind the BRATA Android malware have implemented more features to make their attacks stealthy. “TAs are modifying their code in order to tailor their malware on specific banking institutions.

Malware

Malware Banking Antivirus Phishing

Fake DDoS protection pages on compromised WordPress sites lead to malware infections

Security Affairs

AUGUST 21, 2022

Threat actors compromise WordPress sites to display fake Cloudflare DDoS protection pages to distribute malware. Recently security experts from Sucuri, spotted JavaScript injections targeting WordPress sites to display fake DDoS Protection pages which lead victims to download remote access trojan malware. Pierluigi Paganini.

DDOS

DDOS Malware Antivirus Firewall

Grandoreiro Banking Trojan is back and targets banks worldwide

Security Affairs

MAY 19, 2024

The banking Trojan is likely operated as a Malware-as-a-Service (MaaS). The recent campaign demonstrates that operators are expanding the malware’s deployment globally, starting with South Africa. It also prevented infections on Windows 7 machines in the US without antivirus. ” concludes the report. .

Banking

Banking Malware Antivirus Accountability

Wannacry, the hybrid malware that brought the world to its knees

Security Affairs

OCTOBER 31, 2022

The infection chain was divided into four stages : The malware was installed through a dropper, a program executed by opening an attachment to a deceptive e-mail, probably a fake pdf or doc file, or executed directly from the Internet, without user interaction, exploiting the exploit described in the point 4. The infection chain.

Malware

Malware Computers and Electronics Encryption Ransomware

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

Security Affairs

AUGUST 31, 2022

A malware campaign tracked as GO#WEBBFUSCATOR used an image taken from NASA’s James Webb Space Telescope (JWST) as a lure. Securonix Threat researchers uncovered a persistent Golang-based malware campaign tracked as GO#WEBBFUSCATOR that leveraged the deep field image taken from the James Webb telescope. Pierluigi Paganini.

Malware

Malware DNS Antivirus Encryption

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

Security Affairs

DECEMBER 12, 2021

Russian national Oleg Koshkin was convicted in January for charges related to the operation of a malware crypting service used by the Kelihos botnet to obfuscate malware and evade detection. For years, Koshkin and his co-conspirators worked to evade our most basic cyber defenses in order to spread malware on a truly global scale.

Antivirus

Antivirus Malware Cybercrime Cyber threats

CISA’s advisory warns of notable increase in LokiBot malware

Security Affairs

SEPTEMBER 22, 2020

US Cybersecurity and Infrastructure Security Agency (CISA) is warning of a notable increase in the use of LokiBot malware by threat actors since July 2020. The Agency’s EINSTEIN Intrusion Detection System has detected persistent malicious activity associated with the LokiBot malware. See Protecting Against Malicious Code.

Malware

Malware Passwords Advertising Antivirus

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

The BlackCat/ALPHV a Ransomware was first discovered in December by malware researchers from Recorded Future and MalwareHunterTeam. The malware is the first professional ransomware strain that was written in the Rust programming language. Review antivirus logs for indications they were unexpectedly turned off.

Ransomware

Ransomware Antivirus Passwords Malware

Cactus ransomware gang claims the Schneider Electric hack

Security Affairs

JANUARY 30, 2024

Once the malware has escalated the privileges on a machine, the threat actors use a batch script to uninstall popular antivirus solutions installed on the machine. Splashtop, AnyDesk, SuperOps RMM) to achieve remote access and uses Cobalt Strike and the proxy tool Chisel in post-exploitation activities.

Ransomware

Ransomware Hacking Data breaches Digital transformation

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. Threat actors use FileZilla, WinRAR, WinSCP, and RClone for data exfiltration.

Ransomware

Ransomware Encryption Antivirus VPN

An expert shows how to stop popular ransomware samples via DLL hijacking

Security Affairs

MAY 4, 2022

The security researcher John Page aka ( hyp3rlinx ) discovered that malware from multiple ransomware operations, including Conti , REvil , LockBit , AvosLocker , and Black Basta, are affected by flaws that could be exploited block file encryption. “Conti looks for and executes DLLs in its current directory.

Ransomware

Ransomware Antivirus Malware Encryption

A cracked copy of Brute Ratel post-exploitation tool leaked on hacking forums

Security Affairs

SEPTEMBER 29, 2022

The Brute Ratel post-exploitation toolkit has been cracked and now is available in the underground hacking and cybercrime communities. Threat actors have cracked the Brute Ratel C4 (BRC4) post-exploitation toolkit and leaked it for free in the cybercrime underground. This includes BreachForums, CryptBB, RAMP, Exploit[.]in,

Hacking

Hacking Cybercrime Ransomware Antivirus

Bitdefender released a free decryptor for the MortalKombat Ransomware family

Security Affairs

FEBRUARY 28, 2023

Antivirus company Bitdefender has released a free decryptor for the recently discovered ransomware family MortalKombat. Good news for the victims of the recently discovered MortalKombat ransomware , the antivirus firm Bitdefender has released a free decryptor that will allow them to recover their file without paying the ransom.

Ransomware

Ransomware Antivirus Backups Malware

SharkBot Banking Trojan spreads through fake AV apps on Google Play

Security Affairs

APRIL 9, 2022

Experts discovered malicious Android apps on the Google Play Store masqueraded as antivirus solutions spreading the SharkBot Trojan. Sharkbot is an information stealer steals used by crooks to siphon credentials and banking information. This is the exact case we observed with the Sharkbot malware.”

Banking

Banking Antivirus Malware Accountability

MalwareBazaar – welcome to the abuse-ch malware repository

Security Affairs

MARCH 24, 2020

ch launched the MalwareBazaar service, a malware repository to allow experts to share known malware samples and related info. ch launched a malware repository, called MalwareBazaar , to allow experts to share known malware samples and related analysis. Malware batches are available for download on a daily base.

Malware

Malware Adware Cyber threats Advertising

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Security Affairs

MAY 19, 2023

The Lemon Group cybercrime ring has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. A cybercrime group tracked has Lemon Group has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. 231 banking malware.

Mobile

Mobile Advertising Malware Cybercrime

Phishers prefer Tesla, top 3 malware strains in Coronavirus phishing campaigns

Security Affairs

APRIL 9, 2020

Group-IB’s CERT-GIB analyzed hundreds of coronavirus -related phishing emails and discovered top malware strains in COVID-19 campaigns. Spyware turned out to be the most common malware class hiding in fraudulent COVID-19 emails, with AgentTesla topping the list of phishers’ favorite strains. SecurityAffairs – malware, Coronavirus).

Phishing

Phishing Malware Spyware DDOS

QwixxRAT, a new Windows RAT appears in the threat landscape

Security Affairs

AUGUST 15, 2023

. “Once installed on the victim’s Windows platform machines, the RAT stealthily collects sensitive data, which is then sent to the attacker’s Telegram bot, providing them with unauthorized access to the victim’s sensitive information.” ” reads a new report published by security firm Uptycs.

Malware

Malware Antivirus Cryptocurrency Advertising

The Pirate Bay clones target millions of users with malware and malicious ads?

Security Affairs

FEBRUARY 9, 2022

Worryingly, ads served by malvertisers on websites and mobile apps can make you fall victim to malware with a single misplaced click. Dewhirst recommends installing both an adblocker and reputable antivirus software as two of the most effective ways to combat malvertising on any site a user might visit. Protecting against malvertising.

Malware

Malware Advertising Education Antivirus

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Security Affairs

JULY 3, 2023

The malware also targets crypto wallet extensions, password managers, and 2FA extensions. The authors are actively developing malware to evade detection, but no specific attacks have been attributed to the Meduza Stealer to date. The malware admin declared that their operations do not involve any ransom activities.

Password Management

Password Management Passwords Malware Antivirus

Malicious apps continue to spread through the Google Play Store

Security Affairs

JUNE 16, 2022

Researchers at antivirus firm Dr. Web discovered malware in the Google Play Store that was downloaded two million times. An investigation conducted by the antivirus firm Dr. Web in May resulted in the discovery of multiple adware and information-stealing malware on the official Google Play Store.

Adware

Adware Antivirus Malware Software

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Security Affairs

MAY 2, 2021

A new cryptocurrency stealer dubbed WeSteal is available on the cybercrime underground, unlike other commodity cryptocurrency stealers, its author doesn’t masquerade its purpose and promises “the leading way to make money in 2021.”. There is the name of the malware itself. ” reads the post published by Palo Alto Networks.

Cryptocurrency

Cryptocurrency Malware Advertising System Administration

FBI and CISA published a new advisory on AvosLocker ransomware

Security Affairs

OCTOBER 13, 2023

AvosLocker operators already advertised in the past a Linux variant, dubbed AvosLinux, of their malware claiming it was able to support Linux and ESXi servers. bat) scripts [T1059.003] for lateral movement, privilege escalation, and disabling antivirus software.

Ransomware

Ransomware System Administration Antivirus Malware

How to Protect Your Business Data with Cyber security

CyberSecurity Insiders

NOVEMBER 25, 2021

5 Cyber Security Best Practices to Protect Your Business Data. Today, any company can fall victim to cybercrime, which has become a major problem around the world. That’s why large, medium-sized, and small businesses need to become more proactive in their approach to cyber security. Install Anti-malware Software.

Computers and Electronics

Computers and Electronics Cyber Attacks Data breaches Passwords

Bitdefender released a free decryptor for the MegaCortex ransomware

Security Affairs

JANUARY 6, 2023

Antivirus firm Bitdefender released a decryptor for the MegaCortex ransomware allowing its victims to restore their data for free. Antivirus firm Bitdefender released a decryptor for the MegaCortex ransomware , which can allow victims of the group to restore their data for free. The group typically asked ransoms between $20,000 to $5.8

Ransomware

Ransomware Antivirus Encryption Backups

A previously undetected FIN7 BIOLOAD loader drops new Carbanak Backdoor

Security Affairs

DECEMBER 29, 2019

Experts uncovered a new tool dubbed BIOLOAD used by the FIN7 cybercrime group used as a dropper for a new variant of the Carbanak backdoor. Security experts from Fortinet’s enSilo have discovered a new loader, dubbed BIOLOAD, associated with the financially-motivated group FIN7. SecurityAffairs – FIN7, malware).

Cybercrime

Cybercrime Antivirus Identity Theft Advertising

New Linux CronRAT hides in cron jobs to evade detection in Magecart attacks

Security Affairs

NOVEMBER 25, 2021

Threat actors hides the malware in the task names, then the malicious code is constructed using several layers of compression and base64 decoding. Researchers explained that CronRAT malware is undetected by many antivirus engines, it leverages the fact that many security products do not scan the Linux cron system.

Malware

Malware Antivirus Engineering Hacking

Microsoft has taken legal and technical action to dismantle the Zloader botnet

Security Affairs

APRIL 13, 2022

. “ZLoader is made up of computing devices in businesses, hospitals, schools, and homes around the world and is run by a global internet-based organized crime gang operating malware as a service that is designed to steal and extort money.” SecurityAffairs – hacking, ZLoader malware). To nominate, please visit:?

Banking

Banking Malware Telecommunications Antivirus

Threat actors target crypto and NFT communities with Babadeda crypter

Security Affairs

NOVEMBER 26, 2021

Morphisec researchers spread cryptocurrency malware dubbed Babadeda in attacks aimed at crypto and NFT communities. Morphisec researchers spotted a new crypto-malware strain, tracked as Babadeda, targeting cryptocurrency, non-fungible token (NFT), and DeFi passionates through Discord channels. ” concludes the report.

Cryptocurrency

Cryptocurrency Malware Antivirus Phishing

SharkBot, a new Android Trojan targets banks in Europe

Security Affairs

NOVEMBER 15, 2021

At the end of October, researchers from cyber security firms Cleafy and ThreatFabric have discovered a new Android banking trojan named SharkBot. The malware has been active at least since late October 2021, it targeting the mobile users of banks in Italy, the UK, and the US. ” concludes the report.

Banking

Banking Mobile Social Engineering Malware

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Romanians arrested for running underground malware services

Webinars

Trending Sources

Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus

Webinars

Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION

15 billion credentials available in the cybercrime marketplaces

Info stealers and how to protect against them

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Symbiote, a nearly-impossible-to-detect Linux malware?

NetDooka framework distributed via a pay-per-install (PPI) malware service

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

Chinese-speaking cybercrime gang Rocke changes tactics

Grandoreiro banking malware targets Mexico and Spain

TrickGate, a packer used by malware to evade detection since 2016

BRATA Android Malware evolves and targets the UK, Spain, and Italy

Fake DDoS protection pages on compromised WordPress sites lead to malware infections

Grandoreiro Banking Trojan is back and targets banks worldwide

Wannacry, the hybrid malware that brought the world to its knees

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

CISA’s advisory warns of notable increase in LokiBot malware

BlackCat Ransomware gang breached over 60 orgs worldwide

Cactus ransomware gang claims the Schneider Electric hack

Akira ransomware received $42M in ransom payments from over 250 victims

An expert shows how to stop popular ransomware samples via DLL hijacking

A cracked copy of Brute Ratel post-exploitation tool leaked on hacking forums

Bitdefender released a free decryptor for the MortalKombat Ransomware family

SharkBot Banking Trojan spreads through fake AV apps on Google Play

MalwareBazaar – welcome to the abuse-ch malware repository

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Phishers prefer Tesla, top 3 malware strains in Coronavirus phishing campaigns

QwixxRAT, a new Windows RAT appears in the threat landscape

The Pirate Bay clones target millions of users with malware and malicious ads?

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Malicious apps continue to spread through the Google Play Store

WeSteal, a shameless commodity cryptocurrency stealer available for sale

FBI and CISA published a new advisory on AvosLocker ransomware

How to Protect Your Business Data with Cyber security

Bitdefender released a free decryptor for the MegaCortex ransomware

A previously undetected FIN7 BIOLOAD loader drops new Carbanak Backdoor

New Linux CronRAT hides in cron jobs to evade detection in Magecart attacks

Microsoft has taken legal and technical action to dismantle the Zloader botnet

Threat actors target crypto and NFT communities with Babadeda crypter

SharkBot, a new Android Trojan targets banks in Europe

Stay Connected