2014, Cybercrime, DNS and Malware - Cyber Security Informer

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. This story explores the history and identity behind Cryptor[.]biz WHO RUNS CRYPTOR[.]BIZ?

Malware

Malware Antivirus Cybercrime Hacking

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

Chinese-speaking cybercrime gang Rocke that carried out several large-scale cryptomining campaigns, has now using news tactics to evade detection. Chinese-speaking cybercrime gang Rocke, that carried out several large-scale cryptomining campaigns in past , has now using news tactics to evade detection. Pierluigi Paganini.

Cybercrime

Cybercrime DNS Malware Advertising

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. From January 2005 to April 2013, there were two primary administrators of the cybercrime forum Spamdot (a.k.a

Cybercrime

Cybercrime Banking Computers and Electronics DDOS

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

Security Affairs

SEPTEMBER 17, 2018

Palo Alto Network researchers discovered a new malware, tracked as XBash, that combines features from ransomware, cryptocurrency miners, botnets, and worms. Security researchers at Palo Alto Networks have discovered a new piece of malware, dubbed XBash piece that is targeting both Linux and Microsoft Windows servers.

Cryptocurrency

Cryptocurrency Malware Ransomware Cybercrime

TeamTNT group adds new detection evasion tool to its Linux miner

Security Affairs

JANUARY 28, 2021

The TeamTNT cybercrime group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The TeamTNT cybercrime group has upgraded their Linux cryptocurrency miner by adding open-source detection evasion capabilities, AT&T Alien Labs researchers warn. SecurityAffairs – hacking, malware).

Cryptocurrency

Cryptocurrency Cybercrime DNS Malware

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Security Affairs

OCTOBER 29, 2020

“CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. In early 2019, researchers spotted a new TrickBot backdoor framework dubbed Anchor that was using the anchor_dns tool for abusing the DNS protocol for C2 communications. hospitals and healthcare providers. Pierluigi Paganini.

Healthcare

Healthcare Ransomware Cybercrime Advertising

TA505 Cybercrime targets system integrator companies

Security Affairs

NOVEMBER 12, 2019

The analysis of a malicious email revealed a possible raising interest of the TA505 cybercrime gang in system integrator companies. The two Macros decoded a Javascript payload acting as a drop and execute by using a well-known strategy as described in: “ Frequent VBA Macros used in Office Malware ”. Introduction. net http[://com-mk84.net.

Cybercrime

Cybercrime Computers and Electronics Penetration Testing Malware

FBI and Interpol shut down some servers of Joker’s Stash carding marketplace

Security Affairs

DECEMBER 19, 2020

The Joker’s Stash carding platform has been active since October 7, 2014, it focuses on the sale of stolen payment card details. At the time of this writing the Joker’s Stash’s.bazar,lib,emc,coin domains, which are all those accessible via blockchain DNS, are simply showing a “Server Not Found” message. . Pierluigi Paganini.

DNS

DNS Cybercrime Hacking Information Security

Joker’s Stash, the largest carding site, is shutting down

Security Affairs

JANUARY 16, 2021

The administrator announced the decision via messages posted on various cybercrime forums. Joker’s Stash is one of the most longevous carding websites, it was launched in October 2014 and is very popular in the cybercrime underground due to the freshness of its cards and their validity. Image source FlashPoint.

Cybercrime

Cybercrime DNS Hacking Marketing

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Security Affairs

JANUARY 13, 2019

Proofpoint analyzed two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. Security researchers at Proofpoint researchers discovered two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang.

Malware

Malware DNS Financial Services Retail

Canadian Police Raid ‘Orcus RAT’ Author

Krebs on Security

APRIL 2, 2019

Canadian police last week raided the residence of a Toronto software developer behind “ Orcus RAT ,” a product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. In 2014, the U.S. An advertisement for Orcus RAT.

Advertising

Advertising Malware Marketing Software

Security Affairs newsletter Round 210 – News of the week

Security Affairs

APRIL 21, 2019

Analyzing OilRigs malware that uses DNS Tunneling. Operator of Codeshop Cybercrime Marketplace Sentenced to 90 months in prison. Marcus Hutchins pleads guilty to two counts of banking malware creation. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Computers and Electronics

Computers and Electronics Spyware Data breaches Advertising

The kingpin behind Joker’s Stash retires with a billionaire exit

Security Affairs

FEBRUARY 14, 2021

The administrator announced the decision via messages posted on various cybercrime forums. Joker’s Stash is one of the most longevous carding websites, it was launched in October 2014 and is very popular in the cybercrime underground due to the freshness of its cards and their validity. Image source FlashPoint.

Cybercrime

Cybercrime Backups Hacking DNS

FIN7 Hackers group is back with a new loader and a new RAT

Security Affairs

OCTOBER 12, 2019

In August 2018, three members of the notorious cybercrime gang have been indicted and charged with 26 felony counts of conspiracy, wire fraud, computer hacking, access device fraud and aggravated identity theft. The messages sent to the victims were also dropping the backdoor DNSbot that primarily operates over DNS traffic.

Identity Theft

Identity Theft Hacking Advertising DNS

Ramnit is back and contributes in creating a massive proxy botnet, tracked as ‘Black’ botnet

Security Affairs

AUGUST 8, 2018

Ramnit is one of the most popular banking malware families in existence today, it was first spotted in 2010 as a worm, in 2011, its authors improved it starting from the leaked Zeus source code turning the malware into a banking Trojan. In 2014 it reached the pinnacle of success, becoming the fourth largest botnet in the world.

Malware

Malware DNS Encryption Banking

The Story of Manuel’s Java RAT.

Security Affairs

JANUARY 25, 2019

During the last weeks, the Cybaze-Yoroi ZLab researchers identified infection attempts aimed to install RAT malware directed to the naval industry sector. Instead, in this case, Cybaze-Yoroi ZLab detected the usage of multiplatform Java malware. Figure 5 – Open directory used by malware to download jre.zip component.

Malware

Malware VPN Advertising InfoSec

WinDealer dealing on the side

SecureList

JUNE 2, 2022

In their initial disclosures on this threat actor, TeamT5 identified three malware families: SpyDealer, Demsty and WinDealer. In 2020, we discovered a whole new distribution method for the WinDealer malware that leverages the automatic update mechanism of select legitimate applications. WinDealer is a modular malware platform.

Malware

Malware Encryption Social Engineering Telecommunications

Necurs Botnet adopts a new strategy to evade detection

Security Affairs

MARCH 4, 2019

Necurs botnet is currently the second largest spam botnet , it has been active since at least 2012 and was involved in massive campaigns spreading malware such as the Locky ransomware , the Scarab ransomware , and the Dridex banking Trojan. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

DNS

DNS Banking Advertising Ransomware

New Linux/DDosMan threat emerged from an evolution of the older Elknot

Security Affairs

APRIL 1, 2019

The popular expert unixfreaxjp analyzed a new China ELF DDoS’er malware tracked as “Linux/DDoSMan” that evolves from the Elknot malware to deliver new ELF bot. But what kind of malware is this Elknot Trojan? This malware is an update and reuse from the Elknot’s malware source code.

DDOS

DDOS Malware Encryption Penetration Testing

IT threat evolution Q3 2021

SecureList

NOVEMBER 26, 2021

The PyInstaller module for Windows contains a script named “Guard” Interestingly, this malware was developed for both Windows and macOS operating systems. The malware tries to spread to other hosts on the network by infecting USB drives. After this, they were tricked into downloading previously unknown malware.

Malware

Malware Banking Energy and Utilities Accountability

Damage from Silence APT operations increases fivefold. The gang deploys new tools on its “worldwide tour”

Security Affairs

AUGUST 20, 2019

Group-IB has limited some of the data in the reports that could hinder investigations into the group’s cybercrimes. The Trojan is used during the lateral movement stage and is designed to control compromised systems by performing tasks through the command shell and tunneling traffic using the DNS protocol. Silence going global.

Banking

Banking Cybercrime Cybersecurity Advertising

Cobalt cybercrime gang targets Russian and Romanian banks

Security Affairs

SEPTEMBER 1, 2018

Security experts from Netscout’s ASERT uncovered a new campaign carried out by the Cobalt cybercrime group. The experts also detected two malware samples used in the campaign, a JavaScript backdoor and another malicious code tracked as COOLPANTS, a reconnaissance backdoor associated with the group. Pierluigi Paganini.

Cybercrime

Cybercrime Banking Phishing Advertising

FIN7 is back with a previously unseen SQLRat malware

Security Affairs

MARCH 22, 2019

The financially-motivated hacking group FIN7 is back and used a new piece of malware in a recent hacking campaign. Security experts at Flashpoint revealed that the financially-motivated cybercrime group FIN7 (aka Anunak and Carbanak ) used new malware in a recent hacking campaign. ” continues the analysis.

Malware

Malware Identity Theft Cybercrime Hacking

The SLoad Powershell malspam is expanding to Italy

Security Affairs

NOVEMBER 27, 2018

sLoad is a sophisticated script, used in the past to deliver different types of malware such as the dreaded “ Ramnit banker”. Technical details, including IoCs and Yara Rules, about the sLoad malware are available on the Yoroi blog. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Spyware

Spyware DNS Advertising Malware

Group-IB presents its annual report on global threats to stability in cyberspace

Security Affairs

NOVEMBER 29, 2019

The past months have shown that the most dangerous hacks involved DNS hijacking, which helped attackers manipulate DNS records for MITM attacks. Compromising IT networks using traditional techniques and malware — including living off the land attacks — is the main vector for penetrating isolated segments of OT networks.

Banking

Banking Telecommunications Marketing Internet

APT trends report Q1 2021

SecureList

APRIL 27, 2021

In our initial report on Sunburst , we examined the method used by the malware to communicate with its C2 (command-and-control) server and the protocol used to upgrade victims for further exploitation. This campaign made use of a previously unknown malware family we dubbed FourteenHi.

Malware

Malware Spyware Government Social Engineering

Security Affairs newsletter Round 221 – News of the week

Security Affairs

JULY 7, 2019

Cryptomining Campaign involves Golang malware to target Linux servers. Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Scams

Scams Spyware DNS Advertising

WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group

Fox IT

JUNE 23, 2020

Evil Corp were previously associated to the Dridex malware and BitPaymer ransomware, the latter came to prominence in the first half of 2017. Business associations are fairly fluid in organised cybercrime groups, Partnerships and affiliations are formed and dissolved much more frequently than in nation state sponsored groups, for example.

Ransomware

Ransomware Encryption Malware Architecture

APT trends report Q3 2021

SecureList

OCTOBER 26, 2021

In June, more than six months after DarkHalo had gone dark, we observed the DNS hijacking of multiple government zones of a CIS member state that allowed the attacker to redirect traffic from government mail servers to computers under their control – probably achieved by obtaining credentials to the control panel of the victims’ registrar.

Malware

Malware Government Surveillance Spyware

Cyber CEO: The History Of Cybercrime, From 1834 To Present

Herjavec Group

AUGUST 26, 2021

We can learn a lot from the cybercrime of the past…the history of cybercrime is a glimpse into what we can expect in the future. In the past 18 months, we’ve experienced the beginning of an era that has seen cybersecurity and cybercrime at the center of it all. Dateline Cybercrime . Robert Herjavec.

Cybercrime

Cybercrime Computers and Electronics Banking Hacking

Cyber Security Informer

Why Malware Crypting Services Deserve More Scrutiny

Chinese-speaking cybercrime gang Rocke changes tactics

Webinars

Trending Sources

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Webinars

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

TeamTNT group adds new detection evasion tool to its Linux miner

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

TA505 Cybercrime targets system integrator companies

FBI and Interpol shut down some servers of Joker’s Stash carding marketplace

Joker’s Stash, the largest carding site, is shutting down

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Canadian Police Raid ‘Orcus RAT’ Author

Security Affairs newsletter Round 210 – News of the week

The kingpin behind Joker’s Stash retires with a billionaire exit

FIN7 Hackers group is back with a new loader and a new RAT

Ramnit is back and contributes in creating a massive proxy botnet, tracked as ‘Black’ botnet

The Story of Manuel’s Java RAT.

WinDealer dealing on the side

Necurs Botnet adopts a new strategy to evade detection

New Linux/DDosMan threat emerged from an evolution of the older Elknot

IT threat evolution Q3 2021

Damage from Silence APT operations increases fivefold. The gang deploys new tools on its “worldwide tour”

Cobalt cybercrime gang targets Russian and Romanian banks

FIN7 is back with a previously unseen SQLRat malware

The SLoad Powershell malspam is expanding to Italy

Group-IB presents its annual report on global threats to stability in cyberspace

APT trends report Q1 2021

Security Affairs newsletter Round 221 – News of the week

WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group

APT trends report Q3 2021

Cyber CEO: The History Of Cybercrime, From 1834 To Present

Stay Connected