The proprietors of the service, who use the collective nickname “The Manipulaters,” have been the subject of three stories published here since 2015. “The Cybercrime Team is on the trail of a number of buyers of the tools,” the Dutch national police said. A statement from the U.S. Image: DomainTools.
“This wasn’t just a scam operation – it was essentially a cybercrime university that empowered fraudsters globally,” NCCIA Director Abdul Ghaffar said at a press briefing. Prior to folding their operations behind WeCodeSolutions, Shahzad and others arrested this month operated as a web hosting group calling itself The Manipulaters.
The locations of alleged GozNym cybercrime group members. The indictments unsealed in a Pennsylvania court this week stem from a slew of cyber heists carried out between October 2015 and December 2016. After that incident, Ukrainian police arrested Kapkanov and booked him on cybercrime charges. Source: DOJ. Vladimir Gorin, a.k.a
The FIN7 cybercrime group has been linked to Anubis, a Python-based backdoor that provides remote access to compromised Windows systems. Delivered via phishing and hosted on compromised SharePoint sites, it remains undetected by most antivirus solutions, posing a serious security risk, concludes the report.
That investigation detailed how the 38-year-old Shefel adopted the nickname Rescator while working as vice president of payments at ChronoPay, a Russian financial company that paid spammers to advertise fake antivirus scams, male enhancement drugs and knockoff pharmaceuticals. “I’m also godfather of his second son.”
and Bulgarian authorities this week seized the darkweb site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. The DOJ’s media advisory doesn’t mention the defendant’s age, but a 2015 report in the Gatineau local news website ledroit.com suggests this may not be his first offense.
More than 15 billion usernames and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, the experts state. “Account accesses for antivirus programs garner the second-highest prices: around $21.67.
This post is a deep dive on “Megatraffer,” a veteran Russian hacker who has practically cornered the underground market for malware-focused code-signing certificates since 2015. One of Megatraffer’s ads on an English-language cybercrime forum. “Antivirus software trusts signed programs more.
The Russian hacking group Fxmsp is offering for sale access to the networks of at least three antivirus companies in the US, along with the source code of their software. Buyers can also pay at least $300,000 to acquire both; the price depends on the antivirus company. The man has been involved in cybercrime activities since mid-2000.
In May 2015, KrebsOnSecurity briefly profiled “The Manipulaters,” the name chosen by a prolific cybercrime group based in Pakistan that was very publicly selling spam tools and a range of services for crafting, hosting and deploying malicious email. One of several current Fudtools sites run by The Manipulaters.
“Two Romanian suspects have been arrested yesterday for allegedly running the CyberSeal and Dataprotector crypting services to evade antivirus software detection.” The pair also operated the Cyberscan service, which allowed their clients to test their malware against antivirus tools.
Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating “Trickbot,” a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. companies and government entities.
This is not the first time that smartphones have come with pre-installed malware: in early 2015, the security firm Bluebox discovered preinstalled malware, many malicious apps, and a series of security holes on the Xiaomi Mi 4 smartphone, concludes the report, which includes indicators of compromise (IoCs).
The Chinese-speaking cybercrime gang Rocke, which has carried out several large-scale cryptomining campaigns in the past, is now using new tactics to evade detection.
But GandCrab far eclipsed the success of competing ransomware affiliate programs largely because its authors worked assiduously to update the malware so that it could evade antivirus and other security defenses. When Oneiilk2 registered on Exploit in January 2015, he used the email address hottabych_k2@mail.ru. of GandCrab.
This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years. was used by a Russian-speaking member called Pin on the English-language cybercrime forum Opensc. Dmitry Yuryevich Khoroshev.
On the other end, FIN7 is a Russian financially motivated group that has been active since at least 2015. The DisableAntiSpyware parameter allows disabling the Windows Defender Antivirus in order to deploy another security solution.
Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms.
But if your hard drive crashes, your laptop gets stolen, or you fall victim to cybercrime, the loss can be devastating. Many hard drives fail in less than three years, and it’s been found that newer drives have shorter lifespans than those manufactured before 2015. It’s a nightmare scenario that happens more often than you think.
File encryption 2013 – 2015. The newsmaking emergence of CTB-Locker in 2014 and the CryptoWall ransomware in 2015 fully demonstrated this multi-pronged shift. RaaS rollout 2015 – 2018. Another fundamental tweak was the onset of Ransomware-as-a-Service (RaaS) in May 2015. pharma giant ExecuPharm.
In January, Chinese hackers exploited another zero-day vulnerability in the Trend Micro OfficeScan antivirus in an attack that hit Mitsubishi Electric.
The Latvian expert Ruslans Bondars (37), who developed and ran the counter-antivirus service Scan4You, has been sentenced to 14 years in prison. Scan4you was a VirusTotal-like online multi-engine antivirus scanning service that could be used by malware authors to test the evasion abilities of their malware against the major antivirus products.
Experts uncovered a new tool dubbed BIOLOAD, used by the FIN7 cybercrime group as a dropper for a new variant of the Carbanak backdoor. The group, which has been active since late 2015, targeted businesses worldwide to steal payment card information, Fortinet concludes.
Microsoft is warning of human-operated ransomware, a kind of attack against businesses that is becoming popular in the cybercrime ecosystem. Human-operated ransomware is a technique usually employed in nation-state attacks that is becoming very popular in the cybercrime ecosystem, continues Microsoft.
A recently discovered cybercrime gang, tracked as Epic Manchego, is using a new technique to create weaponized Excel files that are able to bypass security checks. Some antivirus solutions specifically analyze this section to look for malicious VBA code in the Excel docs.
The cybercrime gang also apologized for the damages they have caused their victims. “We are also publishing our decryption soft; we also hope that, having the keys, antivirus companies will issue their own more user-friendly decryption tools.”
Since March 2019, Fxmsp announced in cybercrime forums the availability of information stolen from major antivirus companies located in the U.S. The conspirators often modified antivirus software settings to allow malware to continue to run undetected.” Attorney Brian T.
The crooks used malicious emails purporting to be legitimate from such entities as Western Union, Norton AntiVirus and the IRS to spread the malware. Gaughan in the Northern District of Ohio.
ransomware displays ransom note in innovative way
Carnival confirms data breach as a result of the August ransomware attack
Google enhances malware protection for accounts enrolled in Advanced Protection Program (APP)
Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns.
He had no previous criminal record at the time of the arrest, but he is known to have been a member of a cybercrime forum and to have become an affiliate of the GandCrab ransomware operation. ransom amount, individual bots and encryption masks). million dollars per week.
Operators behind the Pysa ransomware also employed a version of the PowerShell Empire penetration-testing tool, with which they were able to stop antivirus products. newversion file extension instead of.
The latest variant appeared in the cybercrime underground in December 2018 and was named HawkEye Reborn v9. The author is selling it through a licensing model and is also offering access to updates for specific periods of time.
Kraken Cryptor is a ransomware-as-a-service (RaaS) affiliate program that first appeared in the cybercrime underground on August 16, 2018; it was advertised in a top-tier Russian-speaking cybercriminal forum by the threat actor ThisWasKraken.
Experts revealed that the botnet was used by the TA505 cybercrime gang to distribute the FlawedAmmy RAT and some email stealers. The Amedey malware sends back to the server several pieces of data, including a unique identifier of the infected system, the malware version, operating system, antivirus software, system name, and username.
The Lokibot malware has been active since 2015. It is an infostealer that was involved in many malspam campaigns aimed at harvesting credentials from web browsers, email clients and admin tools, and that was also used to target cryptocoin-wallet owners. Below is the list of mitigations: Maintain up-to-date antivirus signatures and engines.
Generally speaking, removal/cleaning by antivirus is not a sufficient guarantee. • Limit Internet access for all agents to a controlled white list. Disconnect compromised machines from the network without deleting data. Send the samples (.doc
Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack. Russian operator of Cardplanet carding site pleads guilty in the US. Cisco Webex flaw allows unauthenticated remote attackers to join private meetings.
The researchers provided evidence that the threat actors sold the purchased certificates to a cybercrime gang that used them to spread malware. The verification is done using a public antivirus scanning service; the threat actors then use the file scan record as “a clean bill of health” for potential buyers.
“The hospitality industry, and particularly their POS networks, continues to be one of the industries most targeted by cybercrime groups. What’s more, attackers know that many POS systems run with only rudimentary security as traditional antivirus is too heavy and requires constant updating that can interfere with system availability.”
The group, which has been active since late 2015, targeted businesses worldwide to steal payment card information. In August 2018, three members of the notorious cybercrime gang were indicted and charged with 26 felony counts of conspiracy, wire fraud, computer hacking, access device fraud and aggravated identity theft.
Operator of Codeshop Cybercrime Marketplace Sentenced to 90 months in prison. Avast, Avira, Sophos and other antivirus solutions show problems after. Facebook admitted to having stored millions of Instagram users’ passwords in plaintext.
The technique has been employed by other Chinese APT groups since 2013, and was later also adopted by other cybercrime gangs in attacks in the wild. In a first attack scenario, hackers leverage a Microsoft antivirus component to load mpsvc.dll, which acts as a loader for Groza_1.dat.
For instance, to disable built-in antivirus software, the attackers used Defender Control and Your Uninstaller. Group-IB’s technological leadership is built on the company’s 17 years of hands-on experience in cybercrime investigations around the world and 60 000 hours of cyber security incident response accumulated in one of ???
In 2015, after the arrest of the suspects Melvin (25) and Dennis van den B. (21), the authorities seized the command and control server. In order to protect your computer from malware: ensure your system software and antivirus definitions are up to date.