2014, Antivirus, Malware and Passwords - Cyber Security Informer

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. This story explores the history and identity behind Cryptor[.]biz WHO RUNS CRYPTOR[.]BIZ?

Malware

Malware Antivirus Cybercrime Hacking

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. “Antivirus software trusts signed programs more. One of Megatraffer’s ads on an English-language cybercrime forum. ru in 2008.

Malware

Malware Cybercrime Software Antivirus

New Shlayer Mac malware spreads via poisoned search engine results

Security Affairs

JUNE 21, 2020

Shlayer Mac malware is back, the Mac threat is now spreading through new black SEO operations. Researchers spotted a new version of the Shlayer Mac malware that is spreading via poisoned Google search results. The malware can be used to download other malicious payloads, including malware or adware. up to 10.14.3.

Engineering

Engineering Malware Adware Antivirus

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Astaroth Trojan relies on legitimate os and antivirus processes to steal data

Security Affairs

FEBRUARY 16, 2019

Researchers at Cybereason’s Nocturnus team have uncovered a new Astaroth Trojan campaign that is currently exploiting the Avast antivirus and security software developed by GAS Tecnologia to steal information and drop malicious modules. According to the experts, LOLbins are very effecting in evading antivirus software.

Antivirus

Antivirus Passwords Malware Advertising

Linksys force password reset to prevent Router hijacking

Security Affairs

APRIL 16, 2020

Linksys has reset passwords for all its customers’ after learning on ongoing DNS hijacking attacks aimed at delivering malware. Crooks continue to launch Coronavirus-themed attacks , in the last weeks, experts observed hackers hijacking D-Link and Linksys routers to redirect users to COVID19-themed sites spreading malware.

Passwords

Passwords DNS Malware Advertising

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

Security Affairs

FEBRUARY 14, 2020

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) released reports on North Korea-linked HIDDEN COBRA malware. Each report includes a detailed “malware descriptions, suggested response actions, and recommended mitigation techniques.” the extension matches the file header).

Malware

Malware Passwords Advertising Antivirus

US govt agencies share details of the China-linked espionage malware Taidoor

Security Affairs

AUGUST 4, 2020

China-linked hackers carried out cyber espionage campaigns targeting governments, corporations, and think tanks with TAIDOOR malware. “CISA encourages users and administrators to review Malware Analysis Report MAR-10292089-1.v1 “CISA encourages users and administrators to review Malware Analysis Report MAR-10292089-1.v1

Malware

Malware Government Passwords System Administration

CISA’s advisory warns of notable increase in LokiBot malware

Security Affairs

SEPTEMBER 22, 2020

US Cybersecurity and Infrastructure Security Agency (CISA) is warning of a notable increase in the use of LokiBot malware by threat actors since July 2020. The Agency’s EINSTEIN Intrusion Detection System has detected persistent malicious activity associated with the LokiBot malware. Enforce a strong password policy.

Malware

Malware Passwords Advertising Antivirus

Exaramel Malware Links Industroyer ICS malware and NotPetya wiper

Security Affairs

OCTOBER 11, 2018

ESET researchers have spotted a new strain of malware tracked as Exaramel that links the dreaded not Petya wiper to the Industroyer ICS malware. A few months ago, researchers from ESET discovered a new piece of malware that further demonstrates the existence of a link between Industroyer and the NotPetya wiper.

Malware

Malware Passwords Advertising Antivirus

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

The Emotet banking trojan has been active at least since 2014, the botnet is operated by a threat actor tracked as TA542. In the middle-August, the malware was employed in fresh COVID19-themed spam campaign. Emotet is a modular malware, its operators could develop new Dynamic Link Libraries to update its capabilities.

Government

Government Banking Advertising Malware

How Many User Credentials Did Emotet Steal? Now We Know

SecureWorld News

APRIL 28, 2021

In January 2021, the FBI and other international law enforcement agencies worked together to take down one of the world's most notorious malware strains, Emotet. Change your email account password. Emotet was one of the most dangerous malwares in the world, according to Europol. How many credentials were harvested by Emotet?

Banking

Banking Passwords Malware Password Management

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. According to the company, most of the username and password combinations are available for free, and 5 billion of the above credentials are “unique.” Pierluigi Paganini.

Cybercrime

Cybercrime Antivirus Marketing Accountability

A new variant of HawkEye stealer emerges in the threat landscape

Security Affairs

APRIL 17, 2019

A new variant of the HawkEye data stealer emerges in the threat landscape as part of ongoing malware distribution campaigns. New malware campaigns leveraging a new variant of the HawkEye data stealer have been observed by experts at Talos. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Antivirus

Antivirus Malware Advertising Passwords

Experts found a new powerful modular Linux cryptominer

Security Affairs

NOVEMBER 26, 2018

Security experts from Russian antivirus firm Dr.Web have discovered a new strain of Linux cryptominer tracked as Linux.BtcMine.174. Experts also discovered that the Trojan also kill antivirus software, including Avast, AVG, Dr.Web and ESET. The Linux malware also downloads another Trojan, tracked as Linux.BackDoor.Gates.9

Antivirus

Antivirus Malware Advertising DDOS

InnfiRAT Trojan steals funds from Bitcoin and Litecoin wallets

Security Affairs

SEPTEMBER 14, 2019

Researchers at Z s caler have spotted a new malware dubbed InnfiRAT that infects victims’ systems to steal cryptocurrency wallet data. . “As with just about every piece of malware, InnfiRAT is designed to access and steal personal information on a user’s computer.” ” concludes the researchers.

Cryptocurrency

Cryptocurrency Malware Advertising Antivirus

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Krebs on Security

FEBRUARY 9, 2023

Initially a stealthy trojan horse program delivered via email and used to steal passwords, Trickbot evolved into “a highly modular malware suite that provides the Trickbot Group with the ability to conduct a variety of illegal cyber activities, including ransomware attacks,” the Treasury Department said. The Forbes.ru

Hacking

Hacking Cybercrime Ransomware Government

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

To bypass antivirus systems, hackers send out malicious emails in non-working hours with delayed activation. The first half of 2019 saw a 10-fold increase in the number of password-protected objects, such as documents and archive files, being used to deliver malware. Another trend was disguising malware in emails.

Ransomware

Ransomware Antivirus Malware Banking

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

Security Affairs

SEPTEMBER 20, 2019

Cofense researchers spotted a phishing campaign that is targeting taxpayers in the United States to infect them with the Amadey malware. Security experts at Cofense uncovered a phishing campaign that is targeting taxpayers in the United States attempting to infect them with a new piece of malware named Amadey.

Phishing

Phishing Social Engineering Malware Advertising

FBI shuts down malware on hundreds of Exchange servers, opens Pandora’s box

Malwarebytes

APRIL 14, 2021

They fell foul to password reuse. This means criminals figuring out the passwords to other criminals’ web shells could also potentially access the compromised servers. The FBI requested a rule change for expanded access powers back in 2014 , and it was granted in 2016. However you stack it up, it’s a bit of a mess.

Malware

Malware Hacking Phishing Passwords

Security Affairs newsletter Round 201 – News of the week

Security Affairs

FEBRUARY 17, 2019

New Linux coin miner kills competing malware to maximize profits. Password Checkup Chrome extension warns users about compromised logins. Experts found a way to create a super-malware implanted in SGX-enclaves. Experts spotted a new strain of Shlayer macOS Malware. Google open sourced the ClusterFuzz fuzzing platform.

Advertising

Advertising Antivirus Malware Backups

MartyMcFly Malware: new Cyber-Espionage Campaign targeting Italian Naval Industry

Security Affairs

OCTOBER 17, 2018

Yoroi security firm uncovered a targeted attack against one of the most important companies in the Italian Naval Industry leveraging MartyMcFly Malware. How Microsoft Excel is able to decrypt such a content if no password is requested to the end user? Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Malware

Malware Computers and Electronics Encryption Penetration Testing

Security Affairs newsletter Round 224 – News of the week

Security Affairs

JULY 28, 2019

WizzAir informed customers it forced a password reset on their accounts. BlackBerry Cylance addresses AI-based antivirus engine bypass. New APT34 campaign uses LinkedIn to deliver fresh malware. Comodo Antivirus is affected by several vulnerabilities. WSJ says Equifax to Pay $700 million settlement for 2017 breach.

Antivirus

Antivirus Spyware Advertising Hacking

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The Archiveus Trojan from 2006 was the first one to use RSA cipher, but it was reminiscent of a proof of concept and used a static 30-digit decryption password that was shortly cracked. The newsmaking emergence of CTB-Locker in 2014 and the CryptoWall ransomware in 2015 fully demonstrated this multi-pronged shift.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Who Is Agent Tesla?

Krebs on Security

OCTOBER 22, 2018

A powerful, easy-to-use password stealing program known as Agent Tesla has been infecting computers since 2014, but recently this malware strain has seen a surge in popularity — attracting more than 6,300 customers who pay monthly fees to license the software.

Software

Software Accountability Malware Healthcare

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

Security Affairs

MARCH 10, 2020

In human-operated ransomware attack scenario, attackers use stolen credentials, exploit misconfiguration and vulnerabilities to access target networks, attempt to escalate privileges and move laterally, and deliver malware and exfiltrate data. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Cybercrime Social Engineering Banking

CERT France – Pysa ransomware is targeting local governments

Security Affairs

MARCH 19, 2020

” According to the experts, the first infections were observed in late 2019, victims reported their files were encrypted by a strain of malware. “ “The password database was leaked shortly before the attack. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Government

Government Ransomware Encryption Penetration Testing

Security Affairs newsletter Round 227

Security Affairs

AUGUST 18, 2019

Cerberus, a new banking Trojan available as malware-as-a-service in the underground. Recently Cloud Atlas used a new piece of polymorphic malware. A flaw in Kaspersky Antivirus allowed tracking its users online. Mozilla addresses master password security bypass flaw in Firefox. Pierluigi Paganini.

Banking

Banking Password Management Advertising Antivirus

VSDC video editing software website hacked again

Security Affairs

APRIL 11, 2019

Users that have downloaded the VSDC multimedia editing software between 2019-02-21 and 2019-03-23, may have been infected with malware. The hackers already compromised the official website of VSDC in the past, in previous attacks they hijacked the download links to deliver malware to the victims. 2, and the Trojan. ” The Win32.Bolik.2

Software

Software Hacking Banking Malware

Experts discovered Calisto macOS Trojan, the first member of Proton RAT family

Security Affairs

JULY 21, 2018

Security experts from Kaspersky Lab have discovered a precursor of the infamous Proton macOS malware that was named Calisto. Malware researchers from Kaspersky Lab have discovered a malware, tracked as Calisto, that appears to be to the precursor of the Proton macOS malware. Use antivirus software.

Antivirus

Antivirus Advertising Malware Accountability

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs

JANUARY 29, 2021

Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to ZINC, a DPRK-affiliated and state-sponsored group, based on observed tradecraft, infrastructure, malware patterns, and account affiliations.” Attackers also employed an encrypted Chrome password-stealer hosted on ZINC domain [link]. .

Malware

Malware Antivirus Hacking Accountability

Tracing the Supply Chain Attack on Android

Krebs on Security

JUNE 25, 2019

” What follows is a deep dive into the identity of that Chinese vendor, which appears to have a long and storied history of pushing the envelope on mobile malware. com — were implicated in propagating the Triada malware. net 2014-01-20 ALIBABA CLOUD COMPUTING (BEIJING) CO., “Yehuo” ( ? ? ) com , buydudu[.]com

Mobile

Mobile Technology Manufacturing Malware

Crooks leverages.htaccess injector on Joomla and WordPress sites for malicious redirects

Security Affairs

MAY 27, 2019

The website was used by attackers to redirect traffic to advertising sites that attempted to deliver malware. The features include the redirect functionality, content password protection or image hot link prevention. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. htaccess code injection.

Advertising

Advertising Malware Antivirus Software

SeroXen RAT for sale

CyberSecurity Insiders

MAY 31, 2023

The malware combines several open-source projects to improve its capabilities. It was first released in July 2014 as “xRAT” and renamed to “Quasar” in August 2015. It was around that time that the malware was first observed in the wild, appearing with 0 detections on VirusTotal. in March 2023, which is the most current version.

Malware

Malware Antivirus Encryption Advertising

5 Ways to Protect Yourself from IP Address Hacking

Security Affairs

AUGUST 20, 2019

The intention behind hacking your identity might be to attack your connection with malware or to trace your location for some malicious activities in the future. It is essential to install firewall and antivirus software on your routers and keep them up-to-date. Use Strong Passwords. Ways of Protecting IP Address from Hackers.

Hacking

Hacking VPN Internet Internet

Common Techniques Hackers Use to Penetrate Systems and How to Protect Your Organization

ForAllSecure

APRIL 26, 2023

Common Types of Cyber Attacks Common techniques that criminal hackers use to penetrate systems include social engineering, password attacks, malware, and exploitation of software vulnerabilities. Password Attacks Password attacks involve guessing or cracking passwords to gain access to systems.

Social Engineering

Social Engineering Passwords Engineering Software

Security Affairs newsletter Round 210 – News of the week

Security Affairs

APRIL 21, 2019

Analyzing OilRigs malware that uses DNS Tunneling. Facebook admitted to have stored millions of Instagram users passwords in plaintext. Avast, Avira, Sophos and other antivirus solutions show problems after. Marcus Hutchins pleads guilty to two counts of banking malware creation. Pierluigi Paganini.

Computers and Electronics

Computers and Electronics Spyware Data breaches Advertising

Scranos – A Cross Platform, Rootkit-Enabled Spyware rapidly spreading

Security Affairs

APRIL 16, 2019

Scranos is a powerful cross-platform rootkit-enabled spyware discovered while investigating malware posing as legitimate software like video players, drivers and even anti-virus products. “The dropper, which doubles as a password stealer, installs a driver that provides persistence to all other components to be installed in the future.

Spyware

Spyware Adware Malware Accountability

Trend Micro Apps removed from Mac App Store after being caught exfiltrating user data

Security Affairs

SEPTEMBER 11, 2018

Several anti-malware apps developed by Trend Micro have been removed from the Mac App Store because they were harvesting users’ browser history and other info. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Adware

Adware Data collection Advertising Antivirus

A new trojan Lampion targets Portugal

Security Affairs

DECEMBER 29, 2019

The malware was named ‘Lampion’ as this is the name used as part of its internal name. In brief, when the victim clicks on the links available in the email body the malware is downloaded from the online server. dll) was sent to the VirusTotal by SI-LAB, and 12 from 71 engines classified it as malware. Lampion trojan (P-19-2.dll)

Malware

Malware Internet Internet Antivirus

Astaroth Trojan leverages Facebook and YouTube to avoid detection

Security Affairs

SEPTEMBER 15, 2019

At every turn in the infection chain, the malware uses legitimate services to evade detection. The malware abused living -off-the-land binaries (LOLbins) such as the command line interface of the Windows Management Instrumentation Console ( WMIC ) to download and install malicious payloads in the background. continues the researchers.

Phishing

Phishing Malware Encryption Network Security

Tracing the Supply Chain Attack on Android

Krebs on Security

JUNE 25, 2019

” What follows is a deep dive into the identity of that Chinese vendor, which appears to have a long and storied history of pushing the envelope on mobile malware. com — were implicated in propagating the Triada malware. net 2014-01-20 ALIBABA CLOUD COMPUTING (BEIJING) CO., “Yehuo” ( ? ? ) com , buydudu[.]com

Mobile

Mobile Technology Manufacturing Software

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

Security Affairs

JUNE 27, 2019

“APT10 often attacked a service provider’s system by “spear-phishing” – sending company employees emails designed to trick them into revealing their passwords or installing malware. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” continues the report. Pierluigi Paganini.

Identity Theft

Identity Theft Hacking System Administration Advertising

Protecting Industrial Control Systems Against Cyberattacks – Part 1

Security Boulevard

APRIL 28, 2021

Networks can also be easily breached by social engineering, password theft, or tainted USBs, as in the Stuxnet attack. . . This renders the attacks undetectable and able to bypass conventional security solutions such as EDR, antivirus and other traditional security lines of defense. The Dangers of ICS Memory-Based Attacks.

Energy and Utilities

Energy and Utilities Malware DDOS Internet

Apple removed the popular app Adware Doctor because steals user browsing history

Security Affairs

SEPTEMBER 8, 2018

Apple has removed one of the most popular anti-malware app called Adware Doctor:Anti Malware &Ad from the official macOS App Store. PoC: [link] #malware #virus #MacOS #Apple #MacBook #MacBookPro #CyberSecurity #privacy #GDPR #Hacking #hackers #cyberpunk #Alert. Antivirus”, and ‘Dr. Cleaner”).

Adware

Adware DNS Malware Advertising

Why Malware Crypting Services Deserve More Scrutiny

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Webinars

Trending Sources

New Shlayer Mac malware spreads via poisoned search engine results

Webinars

Astaroth Trojan relies on legitimate os and antivirus processes to steal data

Linksys force password reset to prevent Router hijacking

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

US govt agencies share details of the China-linked espionage malware Taidoor

CISA’s advisory warns of notable increase in LokiBot malware

Exaramel Malware Links Industroyer ICS malware and NotPetya wiper

CISA alert warns of Emotet attacks on US govt entities

How Many User Credentials Did Emotet Steal? Now We Know

15 billion credentials available in the cybercrime marketplaces

A new variant of HawkEye stealer emerges in the threat landscape

Experts found a new powerful modular Linux cryptominer

InnfiRAT Trojan steals funds from Bitcoin and Litecoin wallets

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Ransomware Revival: Troldesh becomes a leader by the number of attacks

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

FBI shuts down malware on hundreds of Exchange servers, opens Pandora’s box

Security Affairs newsletter Round 201 – News of the week

MartyMcFly Malware: new Cyber-Espionage Campaign targeting Italian Naval Industry

Security Affairs newsletter Round 224 – News of the week

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Who Is Agent Tesla?

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

CERT France – Pysa ransomware is targeting local governments

Security Affairs newsletter Round 227

VSDC video editing software website hacked again

Experts discovered Calisto macOS Trojan, the first member of Proton RAT family

Microsoft: North Korea-linked Zinc APT targets security experts

Tracing the Supply Chain Attack on Android

Crooks leverages.htaccess injector on Joomla and WordPress sites for malicious redirects

SeroXen RAT for sale

5 Ways to Protect Yourself from IP Address Hacking

Common Techniques Hackers Use to Penetrate Systems and How to Protect Your Organization

Security Affairs newsletter Round 210 – News of the week

Scranos – A Cross Platform, Rootkit-Enabled Spyware rapidly spreading

Trend Micro Apps removed from Mac App Store after being caught exfiltrating user data

A new trojan Lampion targets Portugal

Astaroth Trojan leverages Facebook and YouTube to avoid detection

Tracing the Supply Chain Attack on Android

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

Protecting Industrial Control Systems Against Cyberattacks – Part 1

Apple removed the popular app Adware Doctor because steals user browsing history

Stay Connected