SecureList

MARCH 1, 2021

The mobile malware Trojan-Ransom.AndroidOS.Agent.aq Last year was notable for both malware and adware, the two very close in terms of capabilities. Interestingly enough, the share of adware attacks increased in relation to mobile malware in general. They typically work with malware developers to achieve this.

Mobile 145

Mobile Malware Adware Banking 145

Security Affairs

OCTOBER 24, 2020

US Treasury Department announced sanctions against Russia’s Central Scientific Research Institute of Chemistry and Mechanics behind Triton malware. The US Treasury Department announced sanctions against a Russian research institute for its alleged role in the development of the Triton malware. ” continues the press release.

Malware 140

Malware Government Hacking Cyber Attacks 140

Security Affairs

APRIL 29, 2021

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”

Malware 127

Malware Hacking Government Telecommunications 127

Krebs on Security

OCTOBER 1, 2019

In December 2013, a Slovenian court sentenced Škorjanc to four years and ten months in prison for creating the malware that powered the ‘ Mariposa ‘ botnet. Prosecutors say McCormick also was a reseller of the Mariposa botnet, the ZeuS banking trojan , and a bot malware he allegedly helped create called “Ngrbot.”

Cybercrime 48

Cybercrime Malware Antivirus Banking 48

The Hacker News

SEPTEMBER 29, 2021

Detected in the wild since 2011, FinFisher (aka FinSpy or Wingbird) is a spyware toolset for Windows, macOS, and Linux

Spyware 102

Spyware Firmware Malware 102

Krebs on Security

FEBRUARY 26, 2019

In 2013, Vrublevsky was convicted of hiring his most-trusted spammer and malware writer to launch a crippling distributed denial-of-service (DDoS) attack against one of his company’s chief competitors. law enforcement and intelligence agencies.

Cybersecurity 267

Cybersecurity Cybercrime Media Antivirus 267

Malwarebytes

MARCH 15, 2022

Those certificates are now being used to sign malware. From there, any cybercriminal that wanted to could grab the certificates and use them to sign their malware. The two leaked Nvidia certificates have expired, being valid from 2011 to 2014 and 2015 to 2018. Mitigation. One of them just barely (by two days).

Malware 123

Malware Software System Administration Ransomware 123

SecureList

NOVEMBER 29, 2024

The malware utilizes cloud resources for its C2 (command and control) servers, which it accesses via APIs using authentication tokens. While the modus operandi of the threat actor is reminiscent of the CloudWizard APT that we reported on in 2023, the malware code is completely different.

Energy and Utilities 104

Energy and Utilities Ransomware Malware Government 104

SecureList

NOVEMBER 28, 2024

We also found Cobalt Strike beacons and several traces tying this actor to the ShadowPad malware and UNC2643 activity, which is in turn associated with the HAFNIUM threat actor. In recent years, the malware attracted the attention of the community due to the publication of two articles.

Malware 118

Malware Government Software Spyware 118

Security Affairs

JUNE 29, 2022

Researchers detailed a new information-stealing malware, dubbed YTStealer, that targets YouTube content creators. Intezer cybersecurity researchers have detailed a new information-stealing malware, dubbed YTStealer, that was developed to steal authentication cookies from YouTube content creators. solutions.

Malware 98

Malware Authentication Software Accountability 98

Troy Hunt

JANUARY 17, 2024

When you look at the above forum post the data accompanied, the reason why becomes clear: it's from "stealer logs" or in other words, malware that has grabbed credentials from compromised machines. Yep, turns out it is and with a very old password I'd genuinely used pre-2011 when I rolled over to 1Password for all my things.

Passwords 363

Passwords Password Management Hacking Accountability 363

Security Affairs

JANUARY 12, 2022

The alert remarks that Russian nation-state actors have demonstrated sophisticated tradecraft and cyber capabilities by compromising third-party infrastructure, compromising third-party software, or developing custom malware. Russian state-sponsored APT actors’ global Energy Sector intrusion campaign, 2011 to 2018.

Malware 144

Malware Cyber threats Government Hacking 144

Security Affairs

NOVEMBER 21, 2019

The new DePriMon downloader was used by the Lambert APT group, aka Longhorn, to deploy malware. According to a report published by Symantec in 2017, Longhorn is a North American hacking group that has been active since at least 2011. We believe DePriMon is the first example of malware using this technique ever publicly described.”

Malware 135

Malware Telecommunications Advertising Encryption 135

Security Affairs

APRIL 27, 2023

Iran-linked APT group Charming Kitten employed a new malware dubbed BellaCiao in attacks against victims in the U.S., The Charming Kitten used a new custom malware, dubbed BellaCiao, that is tailored to suit individual targets and is very sophisticated. Europe, the Middle East and India. Israel, Iraq, and Saudi Arabia.

Malware 98

Malware DNS Media Architecture 98

Security Affairs

JULY 19, 2021

US DoJ indicted four members of the China-linked cyberespionage group known as APT40 for hacking various entities between 2011 and 2018. The fourth defendant, named Wu Shurong, was hired by Hainan Xiandun Technology Development to create malware, and hack into computer systems operated by foreign governments, companies and universities.

Hacking 124

Hacking Technology Government Malware 124

Security Affairs

SEPTEMBER 5, 2022

Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus to identify Chromium, Electron, as malware. Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus software to identify the app based on the Chromium browser engine or the Electron JavaScript framework as malware.

Ransomware 98

Ransomware Antivirus Malware Software 98

Security Affairs

DECEMBER 7, 2021

The blockchain-enabled botnet has been active since at least 2011, researchers estimate that the Glupteba botnet is currently composed of more than 1 million Windows PCs around the world. Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes.

Backups 132

Backups Advertising Accountability Malware 132

Security Affairs

MAY 23, 2020

The source code of the Zeus Trojan is available in the cybercrime underground since 2011 allowing crooks to develop their own release since. Experts found multiple variants in the wild, many of them belonging to the Terdot Zbot/Zloader malware family. The malware is able to infect all operating systems.

Banking 144

Banking Advertising Malware Data collection 144

Malwarebytes

APRIL 14, 2022

Zloader or Zbot are common names used to refer to any malware related to the ZeuS family. There are a lot of those because the ZeuS banking Trojan source code was leaked in 2011, and so there’s been plenty of time for several new variants to emerge. Legal action. We also saw this method recently used against the Strontium group.

Backups 137

Backups Banking Telecommunications Internet 137

Security Affairs

AUGUST 10, 2018

Security researchers at Intezer and McAfee have conducted a joint investigation that allowed them to collect evidence that links malware families attributed to North Korean APT groups such as the notorious Lazarus Group and Group 123. Each node represents a malware family or a hacking tool (“ Brambul ,” “ Fallchill ,” etc.)

Malware 69

Malware Hacking Advertising Accountability 69

Krebs on Security

FEBRUARY 7, 2024

The forum’s member roster includes a Who’s Who of top Russian cybercriminals, and it featured sub-forums for a wide range of cybercrime specialities, including malware, spam, coding and identity theft. One representation of the leaked Mazafaka database. As well as the cost of my services.” ” WHO IS DJAMIX?

Cybercrime 329

Cybercrime Accountability Identity Theft Hacking 329

Security Affairs

APRIL 21, 2022

ALAC was developed in 2004 and Apple open-sourced it in 2011, since then many third-party vendors used it. “The impact of an RCE vulnerability can range from malware execution to an attacker gaining control over a user’s multimedia data, including streaming from a compromised machine’s camera.”

Hacking 142

Hacking Media Malware Cybersecurity 142

The Last Watchdog

JUNE 21, 2020

Balaban This ransomware was doing the rounds over spam generated by the Gameover ZeuS botnet, which had been originally launched in 2011 as a toolkit for stealing victim’s banking credentials and was repurposed for malware propagation. These included PClock, CryptoLocker 2.0, Crypt0L0cker, and TorrentLocker.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Security Affairs

MAY 29, 2022

The transnational cybercrime ring was engaged in the mass acquisition and sale of fraud-related goods and services, including stolen identities, compromised credit card data, and computer malware. The Infraud Organization is responsible for the purchase and sale of over four million stolen credit and debit card numbers.

Cybercrime 143

Cybercrime Hacking Malware Cybersecurity 143

CyberSecurity Insiders

APRIL 22, 2021

It is learnt that the massive file encrypting malware campaign started on April 19th,2021 when victims took help of the technology forums to know more about the ransomware. The company became a member of Intel Intelligent Systems Alliance in 2011. 7z extension, but is also seen stealing data from the victim devices.

Ransomware 109

Ransomware Surveillance Backups Encryption 109

Krebs on Security

NOVEMBER 12, 2019

More than a dozen of the flaws tackled in this month’s release are rated “critical,” meaning they involve weaknesses that could be exploited to install malware without any action on the part of the user, except for perhaps browsing to a hacked or malicious Web site or opening a booby-trapped file attachment.

Backups 32

Backups Internet Internet Media 32

The Last Watchdog

JUNE 20, 2018

Bilogorskiy: Before 2013 a lot of malware was focused on spam, DDoS and monetizing through malicious advertising and ad fraud. In 2011, total cryptocurrency value was about $10 billion. Bilogorskiy: One other kind of attack that we’ve seen is where companies get hacked and those computers have mining malware put on them.

Cryptocurrency 176

Cryptocurrency Ransomware Passwords Malware 176

Krebs on Security

JULY 28, 2022

In a 2011 post on Hackforums, Acidut said they were building a botnet using an “exploit kit,” a set of browser exploits made to be stitched into hacked websites and foist malware on visitors. 1, 2021: 15-Year-Old Malware Proxy Network VIP72 Goes Dark. The same account continues to sell subscriptions to Shifter.io.

Advertising 284

Advertising Software Computers and Electronics Internet 284

Security Affairs

MAY 15, 2020

The Tropic Trooper APT that has been active at least since 2011, it was first spotted in 2015 by security experts at Trend Micro when it targeted government ministries and heavy industries in Taiwan and the military in the Philippines. ” reads the analysis published by Trend Micro. ” continues the report.

Government 126

Government Malware Advertising Architecture 126

Security Affairs

OCTOBER 4, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware 116

Ransomware Firmware Advertising Insurance 116

Malwarebytes

JULY 26, 2021

Last week, Check Point Research described a new Mac variant of malware they call XLoader. According to Check Point, the Mac version of the malware is being “rented” as part of a malware-as-a-service program, at the price of $49 for one month or $99 for three months. Fortunately, more details have since come to light.

Malware 144

Malware Encryption 144

Security Affairs

JUNE 8, 2019

This week, Chi-en (Ashley) Shen presented at the CONFidence cybersecurity conference held in Poland her analysis on new samples of malware associated with the ICEFOG group. ICEFOG-M is the latest variant, it is a fileless malware that supports the same features of the ICEFOG-P but leverages HTTPs for communications.

Malware 111

Malware Government Advertising Banking 111

Security Affairs

OCTOBER 28, 2018

Back to September 2013, Belgacom (now Proximus), the largest telecommunications company in Belgium and primarily state-owned, announced its IT infrastructure had suffered a malware-based attack. The investigation revealed that the malware-based attack was powered by GCHQ and code-named Operation Socialist. ” wrote The Intercept.

Hacking 110

Hacking Spyware Telecommunications Malware 110

Security Affairs

APRIL 28, 2023

to disrupt the operations of the CryptBot malware, which experts estimate infected approximately 670,000 computers this past year. Google targeted the distributors of the malware who are paid to spread and deliver the malicious code and infect a larger number of systems as possible. ” reads the announcement published by Google.

Malware 98

Malware Cybercrime Cryptocurrency Media 98

Security Affairs

NOVEMBER 15, 2021

I launched Security Affairs for passion in 2011 and millions of readers walked with me. Ten years together! I’m very excited. Ten years ago I launched Security Affairs, the blog over the past decade obtained important successes in the cyber security community, but the greatest one is your immense affection.

Cybercrime 110

Cybercrime Hacking Cybersecurity Data breaches 110

Security Affairs

OCTOBER 16, 2021

FinCEN analyzed a data set composed of 2,184 SARs filed between 1 January 2011 and 30 June 2021 and identified 177 CVC (convertible virtual currency) wallets addresses that were used in ransomware operations associated with the above ransomware variants.

Ransomware 133

Ransomware Cryptocurrency Hacking Cybercrime 133

CyberSecurity Insiders

SEPTEMBER 21, 2022

Technically speaking, Juice Jacking is an exploited USB port that can pass on malware and sniff data from a victimized device. Threat actors often load malware or infect a connection cable and leave it at the charging station. USB Condom works by blocking connections to all the pins except the charging pin. History of Juice Jacking.

Cyber threats 98

Cyber threats Manufacturing Banking Malware 98