SecureList

JUNE 15, 2023

Thus, it was inevitable that malware creators would one day begin not only to distribute malicious programs themselves, but also to sell them to less technically proficient attackers, thereby lowering the threshold for entering the cybercriminal community. A MaaS operator is typically a team consisting of several people with distinct roles.

Malware 144

Malware Ransomware Cybercrime Hacking 144

Krebs on Security

NOVEMBER 14, 2024

In a series of live video chats and text messages, Mr. Shefel confirmed he indeed went by the Rescator identity for several years, and that he did operate a slew of websites between 2013 and 2015 that sold payment card data stolen from Target, Home Depot and a number of other nationwide retail chains. ” Dmitri Golubov, circa 2005. .”

Retail 252

Retail Advertising Cryptocurrency Marketing 252

Security Affairs

DECEMBER 26, 2023

Researchers at NCC Group reported that in November they observed the return of the infamous banking malware Carbanak in ransomware attacks. The cybersecurity firm NCC Group reported that in November the banking malware Carbanak was observed in ransomware attacks. ” reads the report published by NCC Group.

Malware 136

Malware Ransomware Banking Healthcare 136

Security Affairs

FEBRUARY 2, 2025

The Saim Raza group run multiple marketplaces that advertised and facilitated the sale of hacking and fraud tools, including malware, phishing kits and email extractors. ” Source KrebsOnSecurity KrebsOnSecurity first wrote about the Manipulaters in May 2015 , the cybercrime group openly advertised on forums in 2015.

Cybercrime 109

Cybercrime Advertising Phishing Hacking 109

The Hacker News

APRIL 18, 2024

Select Ukrainian government networks have remained infected with a malware called OfflRouter since 2015. Cisco Talos said its findings are based on an analysis of over 100 confidential documents that were infected with the VBA macro virus and uploaded to the VirusTotal malware scanning platform.

Malware 121

Malware Government 121

Security Affairs

NOVEMBER 22, 2020

Two Romanians arrested for running three malware services. Two Romanians have been arrested for running two malware crypter services called CyberSeal and DataProtector, and the CyberScan malware testing service. DataProtector was launched in 2015, while CyberScan was launched in 2019. Pierluigi Paganini.

Malware 142

Malware Antivirus Cybercrime Software 142

Krebs on Security

APRIL 7, 2022

The DOJ said it did not seek to disinfect compromised devices; instead, it obtained court orders to remove the Cyclops Blink malware from its “command and control” servers — the hidden machines that allowed the attackers to orchestrate the activities of the botnet. energy facilities. ” HYDRA. . ” HYDRA.

Marketing 300

Marketing Energy and Utilities Malware Ransomware 300

Security Affairs

SEPTEMBER 10, 2020

ESET researchers discovered a new piece of malware dubbed CDRThief targets a specific Voice over IP system to steal call data records (CDR). The VoIP platform Linknat VOS2009 and VOS3000 targeted by the malware is used by two China-produced softswitches (software switches). ” reads the analysis published by ESET.

Malware 145

Malware Encryption Advertising Passwords 145

Security Affairs

OCTOBER 25, 2020

Researchers from MalwareHunterTeam have spotted a new piece of remote access trojan (RAT) dubbed ‘Abaddon’ that is likely the first malware using the Discord platform as command and control. The Abaddon malware connects to the Discord command and control server to check for new commands to execute. "Abaddon"

Malware 145

Malware Advertising Ransomware Encryption 145

Security Affairs

SEPTEMBER 16, 2020

A threat actor is launching brute-force attacks on MSSQL servers in the attempt to access them to install a new crypto-mining malware dubbed MrbMiner. A group of hackers is launching brute-force attacks on MSSQL servers with the intent to compromise them and install crypto-mining malware dubbed MrbMiner. Mining process.”

Malware 144

Malware Advertising Cryptocurrency Accountability 144

Krebs on Security

FEBRUARY 19, 2021

The scandal is the latest fallout stemming from a three-part investigation into the organized crime group by KrebsOnSecurity in 2015. According to prosecution documents, Marcu and The Shark spotted my reporting shortly after it was published in 2015, and discussed what to do next on a messaging app: The Shark: Krebsonsecurity.com See this.

Banking 330

Banking Accountability Cybercrime Mobile 330

Security Affairs

DECEMBER 2, 2020

Russian-linked cyberespionage group Turla employed a new malware toolset, named Crutch, in targeted attacks aimed at high-profile targets. The Crutch framework was employed in attacks since 2015 to siphon sensitive data and transfer them to Dropbox accounts controlled by the Russian hacking group. ” Pierluigi Paganini.

Malware 145

Malware Accountability Hacking Government 145

Krebs on Security

JUNE 25, 2019

” What follows is a deep dive into the identity of that Chinese vendor, which appears to have a long and storied history of pushing the envelope on mobile malware. com via Domaintools.com shows the domain was assigned in 2015 to a company called “ Shanghai Blazefire Network Technology Co. com 2015-03-09 GODADDY.COM, LLC.

Mobile 273

Mobile Technology Manufacturing Malware 273

The Last Watchdog

AUGUST 20, 2019

And, increasingly, they come riddled with some of the most invasive types of malware. It found that where there should be a 2019 8-core Snapdragon CPU, the counterfeit device might have a 2015-era 4-core CPU running at a lower frequency coupled with a feeble GPU. Saturated with malware So what’s the big security concern?

Malware 185

Malware Mobile Manufacturing Marketing 185

Malwarebytes

MAY 25, 2022

Based on a case study in 2015 , Akamai strengthened the theory that the malware may be of Asian origin based on its targets. Microsoft said that XorDDoS continues to home on Linux-based systems, demonstrating a significant pivot in malware targets. MMD believed the Linux Trojan originated in China.

Malware 142

Malware IoT DDOS DNS 142

Krebs on Security

OCTOBER 15, 2020

Gemini says its data indicated some 156 Dickey’s locations across 30 states likely had payment systems compromised by card-stealing malware, with the highest exposure in California and Arizona. Gemini puts the exposure window between July 2019 and August 2020.

Data breaches 361

Data breaches Cybercrime Retail Banking 361

Krebs on Security

APRIL 22, 2019

The owner of a Swedish company behind a popular remote administration tool (RAT) implicated in thousands of malware attacks shares the same name as a Swedish man who pleaded guilty in 2015 to co-creating the Blackshades RAT , a similar product that was used to infect more than half a million computers with malware, KrebsOnSecurity has learned.

Advertising 240

Advertising Antivirus Software Malware 240

SecureList

OCTOBER 6, 2022

During the pandemic, lockdowns forced people to stay at home and do their shopping online, which was mirrored in point-of-sale (PoS) and ATM malware activity, as certain regions saw malicious transactions drop significantly. Perpetrators continue to spread already-existing, widely used malware to attack PoS terminals and ATMs.

Malware 142

Malware Banking Software Cybercrime 142

Security Affairs

AUGUST 26, 2020

after attempting to recruit an employee at a targeted company to plant a malware. US authorities arrested the Russian national Egor Igorevich Kriuchkov (27) after attempting to recruit an employee at a targeted company to plant a piece of malware. “He explained the malware attacks the systems in two ways.

Malware 145

Malware DDOS Advertising Hacking 145

The Hacker News

AUGUST 18, 2022

A.NET-based evasive crypter named DarkTortilla has been used by threat actors to distribute a broad array of commodity malware as well as targeted payloads like Cobalt Strike and Metasploit, likely since 2015. "It

Malware 110

Malware Cybersecurity 110

Malwarebytes

NOVEMBER 16, 2021

This remote access Trojan (RAT) was first discovered in infected Windows computers in 2017 by the Indian Computer Emergency Response Team (CERT-IN), but it has been active since at least 2015. CERT-IN had described GravityRAT as “unlike most malware, which are designed to inflict short term damage.

Malware 141

Malware Encryption Media Marketing 141

Security Affairs

DECEMBER 27, 2024

Some of the vulnerabilities exploited by the botnets are CVE-2015-2051 , CVE-2019-10891 , CVE-2022-37056 , and CVE-2024-33112. The script uses various methods like “wget,” “ftpget,” “curl,” and “tftp” to download the malware. ” reads the report published by Fortinet.

Architecture 69

Architecture Malware DNS DDOS 69

Security Affairs

DECEMBER 12, 2023

Cisco Talos researchers tracked the campaign as Operation Blacksmith, the nation-state actors are employing at least three new DLang -based malware families. Two of these malware strains are remote access trojans (RATs), respectively tracked as NineRAT and “DLRAT” The former relies on Telegram bots and channels for C2 communications.

Malware 130

Malware Data collection Manufacturing Healthcare 130

Security Affairs

MAY 30, 2022

Experts pointed out that the malware is being actively developed. The malware can quickly adopt one-day vulnerabilities (within days of a published proof of concept).” The post EnemyBot malware adds new exploits to target CMS servers and Android devices appeared first on Security Affairs. LFI CVE-2018-16763 Fuel CMS 1.4.1

Malware 145

Malware DDOS IoT Cybercrime 145

Security Affairs

FEBRUARY 13, 2023

Alleged Russian threat actors have been targeting cryptocurrency users in Eastern Europe with Enigma info-stealing malware. A malware campaign conducted by alleged Russian threat actors has been targeting users in Eastern European in the crypto industry. ” continues the report. Stolen data are exfiltrated through Telegram.

Cryptocurrency 98

Cryptocurrency Malware Media Phishing 98

Malwarebytes

MARCH 15, 2022

Those certificates are now being used to sign malware. From there, any cybercriminal that wanted to could grab the certificates and use them to sign their malware. The two leaked Nvidia certificates have expired, being valid from 2011 to 2014 and 2015 to 2018. Mitigation. One of them just barely (by two days).

Malware 120

Malware Software System Administration Ransomware 120

The Hacker News

JULY 17, 2023

Microsoft Word documents exploiting known remote code execution flaws are being used as phishing lures to drop malware called LokiBot on compromised systems. LokiBot, also known as Loki PWS, has been a well-known information-stealing Trojan active since 2015," Fortinet FortiGuard Labs researcher Cara Lin said. "It

Malware 97

Malware Phishing 97

The Last Watchdog

JUNE 21, 2020

File encryption 2013 – 2015. Balaban This ransomware was doing the rounds over spam generated by the Gameover ZeuS botnet, which had been originally launched in 2011 as a toolkit for stealing victim’s banking credentials and was repurposed for malware propagation. RaaS rollout 2015 – 2018. Crypt0L0cker, and TorrentLocker.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Krebs on Security

DECEMBER 8, 2021

Darkode was taken down in 2015 as part of an FBI investigation sting operation , but screenshots of the community saved by this author show that DCReavers2 was already well known to the Darkode founders when his membership to the forum was accepted in May 2009. ” The U.S. federal prosecution against Skorjanc and McCormick is ongoing.

Cybercrime 329

Cybercrime Ransomware Accountability Advertising 329

Security Affairs

FEBRUARY 17, 2024

Ukrainian national Vyacheslav Igorevich Penchukov has pleaded guilty to his key roles in the Zeus and IcedID malware operations. Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software. Since May 2019, Penchukov had a prominent role in the Zeus operation.

Malware 129

Malware Cybercrime Banking Hacking 129

The Last Watchdog

FEBRUARY 3, 2020

Samide and other experts say what’s coming next is very likely to be a series of varied attacks as combatants on all sides leverage footholds gained from ongoing intelligence gathering and malware planting. It describes malware being iterated by hackers who’ve clearly been doing this for a long while.

Energy and Utilities 330

Energy and Utilities Malware Hacking Passwords 330

Bleeping Computer

JANUARY 17, 2024

A previously unknown cybercrime syndicate named 'Bigpanzi' has been making significant money by infecting Android TV and eCos set-top boxes worldwide since at least 2015. [.]

Cybercrime 110

Cybercrime Malware 110

Security Affairs

JUNE 29, 2023

North Korea-linked cyberespionage group Andariel used a previously undocumented malware called EarlyRat. Kaspersky researchers reported that the North Korea-linked APT group Andariel used a previously undocumented malware dubbed EarlyRat in attacks exploiting the Log4j Log4Shell vulnerability last year.

Malware 98

Malware Cybercrime Phishing Internet 98

The Hacker News

DECEMBER 1, 2021

A Russian national charged with providing bulletproof hosting services for cybercriminals, who used the platform to spread malware and attack U.S. organizations and financial institutions between 2009 to 2015, has received a 60-month prison sentence.

Malware 141

Malware 141

Krebs on Security

JULY 8, 2019

But GandCrab far eclipsed the success of competing ransomware affiliate programs largely because its authors worked assiduously to update the malware so that it could evade antivirus and other security defenses. It remains unclear how many individuals were active in the core GandCrab malware development team. of GandCrab.

Ransomware 276

Ransomware Accountability Cybercrime Passwords 276

Krebs on Security

MAY 16, 2019

Law enforcement agencies in the United States and Europe today unsealed charges against 11 alleged members of the GozNym malware network, an international cybercriminal syndicate suspected of stealing $100 million from more than 41,000 victims with the help of a stealthy banking trojan by the same name. Prosecutors say Nikolov, a.k.a.

Cybercrime 215

Cybercrime Banking Small Business Computers and Electronics 215

The Hacker News

JULY 8, 2024

That's according to findings from Trend Micro, which said it recently observed a surge in cyber attacks distributing the Windows malware. Mekotio, known to be actively put to use since 2015, is known to target Latin American countries like Brazil, Chile, Mexico, Spain, Peru, and Portugal

Banking 123

Banking Cyber Attacks Malware 123