Experts spotted a rare Linux Desktop spyware dubbed EvilGnome

Security Affairs

The researchers attribute the spyware to the Russia-linked Gamaredon Group. The Gamaredon APT was first spotted in 2013; last year researchers at LookingGlass shared the details of a cyber espionage campaign, tracked as Operation Armageddon, targeting Ukrainian entities.” reads the analysis published by Intezer.

Spyware 109

PhantomLance, a four-year-long cyberespionage spying campaign

Security Affairs

Kaspersky experts found a similar sample on Google Play. It implements high levels of encryption; furthermore, the malicious code was able to download and execute additional malicious payloads that would be suitable to the specific device environment (i.e., Android version, installed apps).” continues the analysis.

Malware 141

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Security Affairs

The group was first spotted by ESET in 2018, when the experts detected a sophisticated piece of spyware, tracked as InvisiMole, used in targeted attacks in Russia and Ukraine in the previous five years.

DNS 124

Anti-Debugging Techniques from a Complex Visual Basic Packer

Security Affairs

It has been in continuous development since at least 2013, and the malware authors behind Hawkeye have improved the malware service, adding new capabilities and techniques. It is the encrypted final payload. All sensitive information, strings and other data are encrypted with the Rijndael algorithm, as shown in figure 16.

Spyware 105

Cyber CEO: The History Of Cybercrime, From 1834 To Present

Herjavec Group

2008 — Heartland Payment Systems — 134 million credit cards are exposed through SQL injection to install spyware on Heartland’s data systems. 2009-2013 — Roman Seleznev — Roman Seleznev hacks into more than 500 businesses and 3,700 financial institutions in the U.S., The thieves steal data on approximately 500 million customers.


IT threat evolution Q3 2023

SecureList

For most implants, the threat actor uses similar implementations of DLL hijacking (often associated with ShadowPad malware) and memory injection techniques, along with the use of RC4 encryption to hide the payload and evade detection. libssl.dll or libcurl.dll was statically linked to implants to implement encrypted C2 communications.

Malware 139

APT trends report Q1 2021

SecureList

During routine monitoring of detections for FinFisher spyware tools, we discovered traces that point to recent FinFly Web deployments. We have discovered new evidence showing that Domestic Kitten has been using PE executables to target victims using Windows since at least 2013, with some evidence that it goes back to 2011.

Malware 145