2010 and Malware - Cyber Security Informer

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. In 2010, someone with the username Pepyak on the Russian language affiliate forum GoFuckBiz[.]com

Malware

Malware Antivirus Cybercrime Hacking

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. WHO IS MEGATRAFFER?

Malware

Malware Cybercrime Software Antivirus

No SOCKS, No Shoes, No Malware Proxy Services!

Krebs on Security

AUGUST 2, 2022

Compounding the problem, several remaining malware-based proxy services have chosen to block new registrations to avoid swamping their networks with a sudden influx of customers. com , a malware-based proxy network that has been in existence since at least 2010. Last week, a seven-year-old proxy service called 911[.]re

Malware

Malware Cybercrime Internet Internet

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. The proxy lookup page inside the malware-based anonymity service Faceless. Image: spur.us. as a media sharing device on a local network that was somehow exposed to the Internet.

Malware

Malware Passwords Accountability Advertising

REMnux 7, a Linux toolkit for malware analysts released

Security Affairs

JULY 26, 2020

A new version of the REMnux Linux toolkit for malware analysts is available for download, it includes a huge set of tools for professionals. REMnux is a Linux toolkit for reverse-engineering and dissecting software, it includes a collection of free tools created by the community that allows researchers to investigate malware.

Malware

Malware Advertising Software Engineering

BrandPost: Detect Malware in Encrypted Traffic for Improved Security Visibility

CSO Magazine

OCTOBER 11, 2021

According to the Ponemon Institute's 2021 Global Encryption Trends Study, 50% of organizations have an encryption plan consistently applied across their entire environment—up from around 40% in 2015, and 25% in 2010. There are two common approaches to restoring traffic visibility: To read this article in full, please click here

Encryption

Encryption Malware

Beware of malware offering “Warm greetings from Saudi Aramco”

Malwarebytes

MARCH 5, 2022

The Formbook malware is an information stealer that is in use by many threat actors. The embedded object downloaded a remote template that exploits CVE-2017-11882 to download and execute the FormBook malware. The post Beware of malware offering “Warm greetings from Saudi Aramco” appeared first on Malwarebytes Labs.

Malware

Malware Manufacturing Marketing

New malware tied to China targets Linux endpoints and servers

SC Magazine

MARCH 10, 2021

New malware compiled on Red Hat Enterprise Linux uses a network data encoding scheme based on XOR, creates a backdoor in systems that gives an attacker near full control over infected machines. ( “Linux password file” by Christiaan Colen is licensed under CC BY-SA 2.0 ).

Malware

Malware Media Passwords Government

Picus Threat Library Is Updated for Flagpro Malware of BlackTech Group

Security Boulevard

JANUARY 14, 2022

Picus Labs has updated the Picus Threat Library with new attack methods for Flagpro malware of BlackTech. The APT group was first observed in 2010 and they have been active since. Flagpro malware was recently discovered by NTTSecurity and the malware is attributed to BlackTech [1]. BlackTech APT group. Initial Access.

Malware

Malware Passwords Phishing Authentication

Payment solutions giant Edenred announces malware infection

Security Affairs

NOVEMBER 22, 2019

The Payment solutions giant Edenred disclosed a malware incident that affected some of its computing systems, it immediately started an investigation. The Payment solutions giant Edenred announced that some of its computing systems have been infected with malware, the company is currently investigating the incident. Pierluigi Paganini.

Malware

Malware Mobile Advertising Government

The author of FastPOS PoS malware pleads guilty

Security Affairs

AUGUST 1, 2020

A 30-year-old Moldovan man pleaded guilty this week for creating the FastPOS malware that infected PoS systems worldwide. The Moldovan citizen Valerian Chiochiu (30), aka Onassis, pleaded guilty on Friday for creating the infamous FastPOS Point-of-Sale (POS) malware. and infraud.ws. Pierluigi Paganini.

Malware

Malware Advertising Cybercrime Hacking

RSAC insights: Malware is now spreading via weaponized files circulating in data lakes, file shares

The Last Watchdog

JUNE 3, 2022

I had a chance to discuss the latter with Ravi Srinivasan, CEO of Tel Aviv-based Votiro which launched in 2010 and has grown to . Votiro has established itself as a leading supplier of advanced technology to cleanse weaponized files.

Unstructured Data

Unstructured Data Malware Digital transformation Authentication

Crooks target US universities with malware used by nation-state actors

Security Affairs

APRIL 26, 2020

Several US universities and colleges were targeted in phishing attacks aimed at delivering malware previously used by China-linked APT groups. Hupigon is a remote access Trojan (RAT) that has been active since at least 2006, it was first detected by FireEye in 2010. Faculty and students at several U.S. Pierluigi Paganini.

Malware

Malware Phishing Advertising Education

Ke3chang hacking group adds new Ketrum malware to its arsenal

Security Affairs

MAY 28, 2020

The Ke3chang hacking group added a new malware dubbed Ketrum to its arsenal, it borrows portions of code and features from older backdoors. In May 2016, researchers from Palo Alto found evidence that the threat actors behind the Operation Ke3chang had been active since at least 2010. Pierluigi Paganini.

Hacking

Hacking Malware Advertising Government

Crooks target US universities with malware used by nation-state actors

Security Affairs

APRIL 26, 2020

Several US universities and colleges were targeted in phishing attacks aimed at delivering malware previously used by China-linked APT groups. Hupigon is a remote access Trojan (RAT) that has been active since at least 2006, it was first detected by FireEye in 2010. Faculty and students at several U.S. Pierluigi Paganini.

Malware

Malware Phishing Advertising Education

The Olympics: a timeline of scams, hacks, and malware

Malwarebytes

JULY 28, 2021

All of a sudden we have infectious email attachments, and compromised third-party sites serving up malware. 2010 Vancouver. All things banking are considered a problem point in Brazil in terms of hacks and malware, so there were plenty of warnings for visitors surrounding that too.

Scams

Scams Hacking Malware Mobile

Microsoft releases Hafnium patch for defunct edition of Exchange

SC Magazine

MARCH 9, 2021

Microsoft is now offering the same patch for the no-longer-supported Exchange Server 2010. Following widespread hacking from the Hafnium group and, perhaps, other groups , Microsoft is now offering the same patch for the no-longer-supported Exchange Server 2010 that it introduced last week for all newer editions. Microsoft).

Media

Media Malware Hacking Internet

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Krebs on Security

JANUARY 24, 2023

Denis Emelyantsev , a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. A Google-translated version of the Rusdot spam forum.

Cybercrime

Cybercrime Advertising IoT Malware

ChromeLoader campaign uses VHD files disguised as cracked games and pirated software

Security Affairs

FEBRUARY 27, 2023

Threat actors behind the ChromeLoader malware campaign are using VHD files disguised as popular games, experts warn. Researchers from Ahnlab Security Emergency Response Center ( ASEC ) recently uncovered a malware campaign distributing the ChromeLoader using VHD files. ” concludes the report.

Software

Software Malware Advertising Hacking

Colombian authorities arrested hacker behind the Gozi Virus

Security Affairs

JUNE 30, 2021

According to the experts, the Gozi Banking Malware infected more than 1 million computers worldwide, causing tens of millions of dollars in losses. Prosecutors claim that the malware has infected systems in at least eight countries, including the United States, Germany, Finland and the United Kingdom.

Banking

Banking Malware Hacking Information Security

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

As detailed in my 2014 book, Spam Nation , Spamdot was home to crooks controlling some of the world’s nastiest botnets, global malware contagions that went by exotic names like Rustock , Cutwail , Mega-D , Festi , Waledac , and Grum. And there were many good reasons to support this conclusion.

Cybercrime

Cybercrime Banking Computers and Electronics DDOS

Canada Charges Its “Most Prolific Cybercriminal”

Krebs on Security

DECEMBER 8, 2021

“My exploit pack is hosted there with 0 problems,” DCReaver2 says of a shady online provider that another member asked about in May 2010. Arrested in 2010, Skorjanc was sentenced to nearly five years in prison for selling and supporting Mariposa, which was used to compromise millions of Microsoft Windows computers.

Cybercrime

Cybercrime Ransomware Accountability Advertising

Experts linked ransomware attacks to China-linked APT27

Security Affairs

JANUARY 4, 2021

The APT group has been active since 2010, targeted organizations worldwide, including U.S. The cyber espionage group leverage both readily available tools and custom malware in their operations, many tools are available for years, but in recent attacks, their code was updated. They also uncovered the ASPXSpy webshell.

Ransomware

Ransomware Malware Financial Services Encryption

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Krebs on Security

FEBRUARY 9, 2023

Initially a stealthy trojan horse program delivered via email and used to steal passwords, Trickbot evolved into “a highly modular malware suite that provides the Trickbot Group with the ability to conduct a variety of illegal cyber activities, including ransomware attacks,” the Treasury Department said. .” The Forbes.ru

Hacking

Hacking Cybercrime Ransomware Government

MartyMcFly Malware: new Cyber-Espionage Campaign targeting Italian Naval Industry

Security Affairs

OCTOBER 17, 2018

Yoroi security firm uncovered a targeted attack against one of the most important companies in the Italian Naval Industry leveraging MartyMcFly Malware. According to VirusTotal the software was “seen in the Wild” in 2010 but submitted only on 2018-10-12! Security Affairs – MartyMcFly , malware).

Malware

Malware Computers and Electronics Encryption Penetration Testing

ThreatList: Skype-Themed Apps Hide a Raft of Malware

Threatpost

APRIL 8, 2020

Hundreds of thousands of malware files are disguised as well-known social conferencing and collaboration apps.

Malware

Malware Adware Mobile

New variant of Konni malware used in campaign targetting Russia

Malwarebytes

AUGUST 20, 2021

the malware used by the attacker pretends to be the xmlprov Network Provisioning Service. The post New variant of Konni malware used in campaign targetting Russia appeared first on Malwarebytes Labs. Document analysis. We found two lures used by Konni APT. It then executes xwtpui.dll using rundll32.exe Figure 7: check.bat.

Malware

Malware Encryption Phishing Authentication

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Krebs on Security

SEPTEMBER 24, 2022

RUSdot is the successor forum to Spamdot , a far more secretive and restricted forum where most of the world’s top spammers, virus writers and cybercriminals collaborated for years before the community’s implosion in 2010. A Google-translated version of the Rusdot spam forum. “That’s why they want me.”

Cybercrime

Cybercrime Data breaches Malware Ransomware

German intelligence agency warns of China-linked APT27 targeting commercial organizations

Security Affairs

JANUARY 26, 2022

. “The Federal Office for the Protection of the Constitution ( BfV ) has information about an ongoing cyber espionage campaign by the cyber attack group APT27 using the malware variant HYPERBRO against German commercial companies.” ” reads the advisory published by the German intelligence.

Financial Services

Financial Services Surveillance Malware Cyber Attacks

MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

Security Affairs

OCTOBER 22, 2023

BlackTech is a Chinese APT group that has been active since at least 2010 and that known for conducting cyber espionage campaigns in Asia aimed at entities in Hong Kong, Japan, and Taiwan. The researchers observed Flax Typhoon gaining and maintaining long-term access to Taiwanese organizations’ networks with minimal use of malware.

Telecommunications

Telecommunications Technology Government Firmware

Lazarus Group North Korea strikes South Korean software firm

CyberSecurity Insiders

OCTOBER 27, 2021

Cybersecurity Insiders have learnt that the said group of threat actors have launched a MATA malware attack on the servers of the software company to steal information from the database and encrypt it with ransomware until their demands are met.

Software

Software Data breaches Education Technology

A new variant of Asruex Trojan exploits very old Office, Adobe flaws

Security Affairs

AUGUST 23, 2019

Malware researchers at Trend Micro discovered a new variant of the Asruex Trojan that exploits old Microsoft Office and Adobe vulnerabilities to infect Windows and Mac systems. CVE-2010-2883 is a stack buffer overflow flaw that could be exploited by attackers to execute arbitrary code or trigger a denial of service condition. .

Malware

Malware Spyware Advertising Encryption

China using AI to develop robots that can hide in sea launch bombs and cyber attacks

CyberSecurity Insiders

JULY 8, 2021

Information is also out that these unmanned vehicles have sophisticated devices installed in them that can launch cyber attacks such as DDoS and malware after connecting to a wireless network.

Cyber Attacks

Cyber Attacks Artificial Intelligence Wireless Surveillance

McAfee makes it official that it is sold out for $14 billion

CyberSecurity Insiders

NOVEMBER 9, 2021

Launched in the year 1987 as an anti-malware solution by John McAfee, Intel Chip making unit in 2010 took the business over. Cybersecurity Insiders has learnt from its sources that the deal of acquiring McAfee will be wrapped up for $12 billion with the cost expected to rise to more than $14 billion when the company’s debt is added.

Technology

Technology Marketing Cybersecurity Malware

Dragon Breath APT uses double-dip DLL sideloading strategy

Security Affairs

MAY 7, 2023

Most of the victims are Chinese-speaking Windows users engaged in online gambling, the APT group relies on Telegram to distribute the malware. The malware is also able to steal cryptocurrency from the MetaMask crypto (Ethereum) wallet extension for Google Chrome. Sophos discovered a web site (telegramos[.]org)

Malware

Malware Cryptocurrency Encryption Phishing

Are You New to ICS/OT Cybersecurity?

SecureWorld News

AUGUST 2, 2023

When I first became interested in ICS/OT cybersecurity, it was 2010 and news about Stuxnet had been made public. Stuxnet was a piece of malware designed to infiltrate a uranium enrichment facility in Iran and physically destroy the enrichment centrifuges used to ultimately make nuclear warheads.

Cybersecurity

Cybersecurity Manufacturing Data breaches Malware

Magecart hackers hide stolen credit card data into images and bogus CSS files

Security Affairs

JULY 12, 2021

Magecart hackers have devised a new technique to obfuscating the malware within comment blocks and hide stolen credit card data into images evading detection. Security firms have monitored the activities of a dozen groups at least since 2010. php echo ""."h"."e"."".""."llo"."w"."o"."".""."r"."l"."d"."";

Malware

Malware Software Marketing Hacking

Microsoft seized 42 domains used by the China-linked APT15 cyberespionage group

Security Affairs

DECEMBER 7, 2021

APT15 has been active since at least 2010, it conducted cyber espionage campaigns against targets worldwide in several industries, including defense, high tech, energy, government, aerospace, and manufacturing. “The Microsoft Digital Crimes Unit (DCU) has disrupted the activities of a China-based hacking group that we call Nickel.

VPN

VPN Manufacturing Government Hacking

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Security Affairs

NOVEMBER 11, 2022

The campaigns involved a new piece of malware called BadBazaar and new variants of the MOONSHINE surveillance software discovered by Citizen Lab in 2019 and employed in attacks against Tibetan activists. . We named this malware family BadBazaar in response to an early variant that posed as a third-party app store titled “APK Bazar.”

Surveillance

Surveillance Spyware Malware Mobile

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Security Affairs

SEPTEMBER 27, 2023

BlackTech is a Chinese APT group that has been active since at least 2010 and that known for conducting cyber espionage campaigns in Asia aimed at entities in Hong Kong, Japan, and Taiwan. The nation-state actors employed multiple custom malware families targeting Windows, Linux, and FreeBSD operating systems.

Firmware

Firmware Telecommunications System Administration Malware

North Korean APT Lazarus Targets Energy Sector in US, Canada, Japan

SecureWorld News

SEPTEMBER 10, 2022

Although the same tactics have been applied in both attacks, the resulting malware implants deployed have been distinct from one another, indicating the wide variety of implants available at the disposal of Lazarus. There are also overlapping IOCs between the campaign described by AhnLab and the current campaign, such as the IP address 84[.]38.133[.]145,

Malware

Malware Cryptocurrency Hacking Cybersecurity

Router security in 2021

SecureList

JUNE 8, 2022

Number of router vulnerabilities according to cve.mitre.org, 2010–2022 ( download ). Number of router vulnerabilities according to nvd.nist.gov, 2010–2022 ( download ). Router-targeting malware. To find out why cybercriminals attack routers, it is first worth looking at the Top 10 malware detected by our IoT traps in 2021.

DDOS

DDOS Passwords IoT Firmware

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

The Last Watchdog

FEBRUARY 3, 2020

Samide and other experts say what’s coming next is very likely to be a series of varied attacks as combatants on all sides leverage footholds gained from ongoing intelligence gathering and malware planting. cyber ops capability is Stuxnet , the self-spreading Windows worm found insinuating itself through Iranian nuclear plants in 2010.

Energy and Utilities

Energy and Utilities Malware Hacking Passwords

China-linked Budworm APT returns to target a US entity

Security Affairs

OCTOBER 13, 2022

The China-linked APT27 group has been active since 2010, it targeted organizations worldwide, including U.S. The cyber espionage group leverage both readily available tools and custom malware in their operations, many tools are available for years, but in recent attacks, their code was updated. based organization.

Penetration Testing

Penetration Testing Financial Services Surveillance Manufacturing

Why Malware Crypting Services Deserve More Scrutiny

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Trending Sources

No SOCKS, No Shoes, No Malware Proxy Services!

Giving a Face to the Malware Proxy Service ‘Faceless’

REMnux 7, a Linux toolkit for malware analysts released

BrandPost: Detect Malware in Encrypted Traffic for Improved Security Visibility

Beware of malware offering “Warm greetings from Saudi Aramco”

New malware tied to China targets Linux endpoints and servers

Picus Threat Library Is Updated for Flagpro Malware of BlackTech Group

Payment solutions giant Edenred announces malware infection

The author of FastPOS PoS malware pleads guilty

RSAC insights: Malware is now spreading via weaponized files circulating in data lakes, file shares

Crooks target US universities with malware used by nation-state actors

Ke3chang hacking group adds new Ketrum malware to its arsenal

Crooks target US universities with malware used by nation-state actors

The Olympics: a timeline of scams, hacks, and malware

Microsoft releases Hafnium patch for defunct edition of Exchange

Administrator of RSOCKS Proxy Botnet Pleads Guilty

ChromeLoader campaign uses VHD files disguised as cracked games and pirated software

Colombian authorities arrested hacker behind the Gozi Virus

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Canada Charges Its “Most Prolific Cybercriminal”

Experts linked ransomware attacks to China-linked APT27

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

MartyMcFly Malware: new Cyber-Espionage Campaign targeting Italian Naval Industry

ThreatList: Skype-Themed Apps Hide a Raft of Malware

New variant of Konni malware used in campaign targetting Russia

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

German intelligence agency warns of China-linked APT27 targeting commercial organizations

MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

Lazarus Group North Korea strikes South Korean software firm

A new variant of Asruex Trojan exploits very old Office, Adobe flaws

China using AI to develop robots that can hide in sea launch bombs and cyber attacks

McAfee makes it official that it is sold out for $14 billion

Dragon Breath APT uses double-dip DLL sideloading strategy

Are You New to ICS/OT Cybersecurity?

Magecart hackers hide stolen credit card data into images and bogus CSS files

Microsoft seized 42 domains used by the China-linked APT15 cyberespionage group

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

China-linked APT BlackTech was spotted hiding in Cisco router firmware

North Korean APT Lazarus Targets Energy Sector in US, Canada, Japan

Router security in 2021

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

China-linked Budworm APT returns to target a US entity

Stay Connected