2014, Cybercrime, Malware and Passwords

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. One of Megatraffer’s ads on an English-language cybercrime forum. WHO IS MEGATRAFFER? user account — this one on Verified[.]ru

Malware

Malware Cybercrime Software Antivirus

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. The proxy lookup page inside the malware-based anonymity service Faceless. MrMurza’s Faceless advertised on the Russian-language cybercrime forum ProCrd. Image: spur.us.

Malware

Malware Passwords Accountability Advertising

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. This story explores the history and identity behind Cryptor[.]biz WHO RUNS CRYPTOR[.]BIZ?

Malware

Malware Antivirus Cybercrime Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

Microsoft has uncovered Zerologon attacks that were allegedly conducted by the infamous TA505 Russia-linked cybercrime group. Microsoft spotted a series of Zerologon attacks allegedly launched by the Russian cybercrime group tracked as TA505 , CHIMBORAZO and Evil Corp. states Microsoft. Pierluigi Paganini.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

Raccoon Malware, a success case in the cybercrime ecosystem

Security Affairs

FEBRUARY 24, 2020

Raccoon Malware is a recently discovered infostealer that can extract sensitive data from about 60 applications on a targeted system. Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. ” reads the report published by CyberArk.

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. According to the company, most of the username and password combinations are available for free, and 5 billion of the above credentials are “unique.” Pierluigi Paganini.

Cybercrime

Cybercrime Antivirus Marketing Accountability

Xwo Malware scans the Internet for Exposed Services, Default Passwords

Security Affairs

APRIL 5, 2019

Researchers at AT&T Alien Labs have spotted a malware called Xwo that is actively scanning the Internet for exposed web services and default passwords. Experts at AT&T Alien Labs discovered a new piece of malware called Xwo that is actively scanning the Internet for exposed web services and default passwords.

Internet

Internet Internet Passwords Malware

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. From January 2005 to April 2013, there were two primary administrators of the cybercrime forum Spamdot (a.k.a

Cybercrime

Cybercrime Banking Computers and Electronics DDOS

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion. Experts pointed out that the malware is being actively developed. Gafgyt is a popular choice for launching large-scale DDoS attacks, it first appeared in the threat landscape in 2014. LFI CVE-2018-16763 Fuel CMS 1.4.1

Malware

Malware DDOS IoT Cybercrime

Crooks use weaponized coronavirus map to deliver malware

Security Affairs

MARCH 12, 2020

Cybercriminals continue to exploit the fear in the coronavirus outbreak to spread malware and steal sensitive data from victims. Experts from cybersecurity Reason reported cybercrimnals are using new coronavirus -themed attacks to deliver malware. To make sure the malware can persist and keep operating, it uses the “Task Scheduler”.”

Malware

Malware Advertising Passwords Cryptocurrency

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Krebs on Security

FEBRUARY 9, 2023

Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating “ Trickbot ,” a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. companies and government entities.

Hacking

Hacking Cybercrime Ransomware Government

Two PoS Malware used to steal data from more than 167,000 credit cards

Security Affairs

OCTOBER 25, 2022

Researchers reported that threat actors used 2 PoS malware variants to steal information about more than 167,000 credit cards. Cybersecurity firm Group-IB discovered two PoS malware to steal data associated with more than 167,000 credit cards from point-of-sale payment terminals. MajikPOS is written using the “.NET

Malware

Malware Cybercrime Banking Marketing

Threat actor leaked data for U.S. gun exchange site on hacking forum

Security Affairs

AUGUST 13, 2020

A threat actor has released the databases of Utah-based gun exchange and hunting sites for free on a cybercrime forum. On August 10th, a hacker has leaked online the databases of Utah-based gun exchange for free on a cybercrime forum. The leaked data includes login names, hashed passwords, and email addresses.

Hacking

Hacking Data breaches Cybercrime Passwords

CISA’s advisory warns of notable increase in LokiBot malware

Security Affairs

SEPTEMBER 22, 2020

US Cybersecurity and Infrastructure Security Agency (CISA) is warning of a notable increase in the use of LokiBot malware by threat actors since July 2020. The Agency’s EINSTEIN Intrusion Detection System has detected persistent malicious activity associated with the LokiBot malware. Enforce a strong password policy.

Malware

Malware Passwords Advertising Antivirus

Tedrade banking malware families target users worldwide

Security Affairs

JULY 19, 2020

The four malware families are named Guildma, Javali, Melcoz, and Grandoreiro, experts believe are the result of a Brazilian banking group/operation that is evolving its capabilities targeting banking users abroad. Experts noticed that the malware uses the BITSAdmin tool to download the additional modules. ” continues Kaspersky.

Banking

Banking Malware Phishing Advertising

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Security Affairs

SEPTEMBER 24, 2020

jp) email addresses that have been infected with the infamous malware and that can be employed in further spam campaigns. The recent Emotet campaign uses spam messages with password-protected attachments, experts noticed a decline in infections over the weekend, a behavior already observed in the past.

Malware

Malware Passwords Advertising Cybercrime

Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison

Security Affairs

NOVEMBER 22, 2019

The Russian hacker who created and used Neverquest banking malware has finally been sentenced to 4 years in prison by a US District Court. The Russian hacker was suspected of being the author of the Neverquest malware , aka Vawtrak malware, and the person who administrated the control infrastructure. Pierluigi Paganini.

Banking

Banking Malware Advertising Passwords

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

Security Affairs

SEPTEMBER 17, 2018

Palo Alto Network researchers discovered a new malware, tracked as XBash, that combines features from ransomware, cryptocurrency miners, botnets, and worms. Security researchers at Palo Alto Networks have discovered a new piece of malware, dubbed XBash piece that is targeting both Linux and Microsoft Windows servers.

Cryptocurrency

Cryptocurrency Malware Ransomware Cybercrime

Attacks Aimed at Disrupting the Trickbot Botnet

Krebs on Security

OCTOBER 2, 2020

Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot , an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying ransomware within compromised organizations.

Ransomware

Ransomware Malware Healthcare Internet

Enemybot, a new DDoS botnet appears in the threat landscape

Security Affairs

APRIL 17, 2022

The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion. Experts pointed out that the malware is being actively developed. Gafgyt is a popular choice for launching large-scale DDoS attacks, it first appeared in the threat landscape in 2014.

DDOS

DDOS Architecture Malware Cybercrime

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces. The Russian man stole roughly 117 million user records, including usernames, passwords, and emails. SecurityAffairs – hacking, cybercrime).

Hacking

Hacking Cybercrime Data breaches Advertising

The Link Between AWM Proxy & the Glupteba Botnet

Krebs on Security

JUNE 28, 2022

On December 7, 2021, Google announced it was suing two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. dismantled the “ RSOCKS ” botnet, a competing proxy service that had been in operation since 2014.

Passwords

Passwords Malware Internet Internet

International law enforcement operation shuts down Imminent Monitor RAT operations

Security Affairs

NOVEMBER 29, 2019

A successful new operation was announced by Europol, it announced to have dismantled the global organized cybercrime ring behind Imminent Monitor RAT. ” The law enforcement speculates hackers using the hacking tool to steal personal details, passwords, private photographs, video footage, and data from tens of thousands of victims.

Cybercrime

Cybercrime Advertising Spyware Hacking

How Many User Credentials Did Emotet Steal? Now We Know

SecureWorld News

APRIL 28, 2021

In January 2021, the FBI and other international law enforcement agencies worked together to take down one of the world's most notorious malware strains, Emotet. Change your email account password. Emotet was one of the most dangerous malwares in the world, according to Europol. How many credentials were harvested by Emotet?

Banking

Banking Passwords Malware Password Management

Asian media firm E27 hacked, attackers asked for a “donation”

Security Affairs

JUNE 28, 2020

” “We use Facebook and LinkedIn for account login and do not store any passwords on our system. If you use the legacy email and password login, your passwords are encrypted, but we highly encourage that you change it. Members of the E27 are recommended to change their password as soon as possible.

Media

Media Hacking Passwords Data breaches

Russian national Yevgeniy Aleksandrovich Nikulin sentenced to 88 months in prison

Security Affairs

SEPTEMBER 30, 2020

Nikulin first breached LinkedIn between March 3 and March 4, 2012, the hacker first infected an employee’s laptop with malware then used the employee’s VPN to access LinkedIn’s internal network. The Russian man stole roughly 117 million user records, including usernames, passwords, and emails. SecurityAffairs – hacking, Cybercrime).

Identity Theft

Identity Theft Cybercrime Advertising Hacking

Emotet campaign hits Lithuania’s National Public Health Center and several state institutions

Security Affairs

DECEMBER 31, 2020

An Emotet campaign hit Lithuania, the malware has infected systems at the National Center for Public Health (NVSC) and several municipalities. A large-scale Emotet campaign hit Lithuania, the malware has infected the networks of Lithuania’s National Center for Public Health (NVSC) and several municipalities.

Passwords

Passwords Malware Telecommunications Banking

Silent Night Zeus botnet available for sale in underground forums

Security Affairs

MAY 23, 2020

The source code of the Zeus Trojan is available in the cybercrime underground since 2011 allowing crooks to develop their own release since. Experts found multiple variants in the wild, many of them belonging to the Terdot Zbot/Zloader malware family. The malware is able to infect all operating systems. .”

Banking

Banking Advertising Malware Cybercrime

New Coronavirus-themed campaign spread Lokibot worldwide

Security Affairs

APRIL 4, 2020

Once opened the file, the Lokibot infection starts, the malware steals sensitive information (a variety of credentials, including FTP credentials, stored email passwords, passwords stored in the browser, as well as a whole host of other credentials) and exfiltrates them to the URL: hxxp://bslines[.]xyz/copy/five/fre.php.

Advertising

Advertising Malware Passwords Cybercrime

CryptoCore hacker group stole over $200M from cryptocurrency exchanges

Security Affairs

JUNE 24, 2020

The CryptoCore group, aks Crypto-gang, “Dangerous Password”, and “Leery Turtle” has been active since 2018. The spear-phishing messages attempt to trick the victims into installing malware on their computer that allows attacker to steal or obtain access to a password manager account.

Cryptocurrency

Cryptocurrency Phishing Accountability Passwords

Security Affairs newsletter Round 253

Security Affairs

MARCH 1, 2020

ISS reveals malware attack impacted parts of the IT environment. ObliqueRAT, a new malware employed in attacks on government targets in Southeast Asia. FBI recommends using passphrases instead of complex passwords. FireEye Mandiant M-Trends 2020 report: 500+ new Malware strains in 2019. Lampion malware v2 February 2020.

Banking

Banking Malware Advertising Ransomware

TroyStealer – A new info stealer targeting Portuguese Internet users

Security Affairs

JUNE 13, 2020

The world of cybercrime is changing, and more and more malware variants have spread every day. The malware gathers login information, like usernames and passwords stored on web-browsers, which it sends to another system via email. Figure 2: Compilation and packing details of TroyStealer malware. h/t: abuse.ch.

Internet

Internet Internet Malware Banking

New Ransom Payment Schemes Target Executives, Telemedicine

Krebs on Security

DECEMBER 8, 2022

.” While CLOP as a money making collective is a fairly young organization, security experts say CLOP members hail from a group of Threat Actors (TA) known as “TA505,” which MITRE’s ATT&CK database says is a financially motivated cybercrime group that has been active since at least 2014.

Healthcare

Healthcare Backups Ransomware Insurance

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

Security Affairs

MARCH 10, 2020

Microsoft is warning of human-operated ransomware, this kind of attack against businesses is becoming popular in the cybercrime ecosystem. Human-operated ransomware is a technique usually employed in nation-state attacks that is becoming very popular in the cybercrime ecosystem. ” reads the post published by Microsoft.

Ransomware

Ransomware Cybercrime Social Engineering Banking

New strain of Ransomware infected over 100,000 PCs in China

Security Affairs

DECEMBER 4, 2018

Security experts reported a new strain of malware spreading in China, the malicious code rapidly infected over 100,000 PCs in just four days. “The document also steals information on tens of thousands of user passwords on platforms such as Taobao and Alipay.” Securi ty Affairs – cybercrime, China).

Ransomware

Ransomware Encryption Advertising Software

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

Security Affairs

SEPTEMBER 20, 2019

Cofense researchers spotted a phishing campaign that is targeting taxpayers in the United States to infect them with the Amadey malware. Security experts at Cofense uncovered a phishing campaign that is targeting taxpayers in the United States attempting to infect them with a new piece of malware named Amadey.

Phishing

Phishing Social Engineering Malware Advertising

Maastricht University finally paid a 30 bitcoin ransom to crooks

Security Affairs

FEBRUARY 9, 2020

According to security experts at Fox-IT, the ransomware attack is compatible with other attacks carried out by the TA505 cybercrime gang. TA505 hacking group has been active since 2014 focusing on Retail and banking sectors. TA505 hacking group has been active since 2014 focusing on Retail and banking sectors.

Ransomware

Ransomware Cyber Attacks Architecture Backups

New Emotet variant uses connected devices as proxy C2 servers

Security Affairs

APRIL 29, 2019

Researchers at Trend Micro have uncovered a malware campaign distributing a new Emotet Trojan variant that compromises devices and uses them as Proxy C2 servers. The spam emails use malicious ZIP file that can be opened with the 4-digit password included in the body of the email. SecurityAffairs – cybercrime, malware).

Advertising

Advertising Malware Cybercrime IoT

Emotet is back after a three-month hiatus

Security Affairs

MARCH 20, 2023

The infamous Emotet malware is back after a short hiatus, threat actors are spreading it via Microsoft OneNote email attachments. The Emotet malware returns after a three-month hiatus and threat actors are distributing it via Microsoft OneNote email attachments to avoid detection. The malicious DLL is then executed via regsvr32.exe

Malware

Malware Banking Engineering Passwords

A new variant of HawkEye stealer emerges in the threat landscape

Security Affairs

APRIL 17, 2019

A new variant of the HawkEye data stealer emerges in the threat landscape as part of ongoing malware distribution campaigns. New malware campaigns leveraging a new variant of the HawkEye data stealer have been observed by experts at Talos. has been under active development since at least 2013. ” continues the analysis. .

Antivirus

Antivirus Malware Advertising Passwords

Crooks offer millions to skilled black hats to help them in extortion campaigns

Security Affairs

FEBRUARY 23, 2019

According to a new report published by the security firm Digital Shadows cybercriminal organizations are willing to pay millions to skilled hackers and malware developers. “ Highly competitive salaries and other forms of remuneration are becoming an essential element of attractive in the cybercrime ecosystem. Pierluigi Paganini.

Cybercrime

Cybercrime Penetration Testing Advertising Hacking

Zeus Sphinx spam campaign attempt to exploit Coronavirus outbreak

Security Affairs

MARCH 30, 2020

The Zeus Sphinx malware is back, operators are now spreading it exploiting the interest in the Coronavirus outbreak. The Zeus Sphinx malware is back, it was observed in a new wave of attacks attempting to exploit the interest in the Coronavirus outbreak. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Banking

Banking Malware Social Engineering Advertising

Security Affairs newsletter Round 199 – News of the week

Security Affairs

FEBRUARY 3, 2019

Cobalt cybercrime gang abused Google App Engine in recent attacks. Dailymotion forces password reset in response to credential stuffing Attack. CookieMiner Mac Malware steals browser cookies and sensitive Data. Exclusive: spreading CSV Malware via Google Sheets. The return of the AdvisorsBot malware.

DDOS

DDOS Data breaches Advertising Cybercrime

FBI issued a flash alert about Netwalker ransomware attacks

Security Affairs

AUGUST 2, 2020

Install and regularly update anti-virus or anti-malware software on all hosts. Use two-factor authentication with strong passwords. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. . ” continues the alert.

Ransomware

Ransomware VPN Advertising Government

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Giving a Face to the Malware Proxy Service ‘Faceless’

Webinars

Trending Sources

Why Malware Crypting Services Deserve More Scrutiny

Webinars

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Raccoon Malware, a success case in the cybercrime ecosystem

15 billion credentials available in the cybercrime marketplaces

Xwo Malware scans the Internet for Exposed Services, Default Passwords

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

EnemyBot malware adds new exploits to target CMS servers and Android devices

Crooks use weaponized coronavirus map to deliver malware

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Two PoS Malware used to steal data from more than 167,000 credit cards

Threat actor leaked data for U.S. gun exchange site on hacking forum

CISA’s advisory warns of notable increase in LokiBot malware

Tedrade banking malware families target users worldwide

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

Attacks Aimed at Disrupting the Trickbot Botnet

Enemybot, a new DDoS botnet appears in the threat landscape

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

The Link Between AWM Proxy & the Glupteba Botnet

International law enforcement operation shuts down Imminent Monitor RAT operations

How Many User Credentials Did Emotet Steal? Now We Know

Asian media firm E27 hacked, attackers asked for a “donation”

Russian national Yevgeniy Aleksandrovich Nikulin sentenced to 88 months in prison

Emotet campaign hits Lithuania’s National Public Health Center and several state institutions

Silent Night Zeus botnet available for sale in underground forums

New Coronavirus-themed campaign spread Lokibot worldwide

CryptoCore hacker group stole over $200M from cryptocurrency exchanges

Security Affairs newsletter Round 253

TroyStealer – A new info stealer targeting Portuguese Internet users

New Ransom Payment Schemes Target Executives, Telemedicine

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

New strain of Ransomware infected over 100,000 PCs in China

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

Maastricht University finally paid a 30 bitcoin ransom to crooks

New Emotet variant uses connected devices as proxy C2 servers

Emotet is back after a three-month hiatus

A new variant of HawkEye stealer emerges in the threat landscape

Crooks offer millions to skilled black hats to help them in extortion campaigns

Zeus Sphinx spam campaign attempt to exploit Coronavirus outbreak

Security Affairs newsletter Round 199 – News of the week

FBI issued a flash alert about Netwalker ransomware attacks

Stay Connected