2016 and Antivirus - Cyber Security Informer

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

These two software are currently unknown to most if not all antivirus companies.” The 911 user interface, as it existed when the service first launched in 2016. net circa 2016, which shows it was the home of a pay-per-install affiliate program that incentivized the silent installation of its software. com , cleantraffic[.]net

VPN

VPN Computers and Electronics Antivirus Software

Malicious MS Office Macro Creator

Schneier on Security

MAY 8, 2019

The VBA stomping is the most powerful feature, because it gets around antivirus programs: VBA stomping abuses a feature which is not officially documented: the undocumented PerformanceCache part of each module stream contains compiled pseudo-code (p-code) for the VBA engine. It runs on Linux, OSX and Windows.

Antivirus

Antivirus Engineering Malware

Hackers penetrated NEC defense business division in 2016

Security Affairs

JANUARY 31, 2020

Japanese electronics and IT giant NEC confirmed a security breach suffered by its defense business division in December 2016. The IT giant NEC confirmed that the company defense business division has suffered a security breach back in December 2016. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Data breaches

Data breaches Advertising Antivirus Encryption

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Security Affairs

JANUARY 25, 2020

Chinese hackers have exploited a zero-day vulnerability the Trend Micro OfficeScan antivirus in the recently disclosed hack of Mitsubishi Electric. Now ZDNet has learned from sources close to the investigation that the Chinese hackers have used a zero-day flaw in the Trend Micro OfficeScan antivirus in the attack on Mitsubishi Electric.

Antivirus

Antivirus Hacking Advertising Media

New Triada Trojan comes preinstalled on Android devices

Security Affairs

APRIL 2, 2025

In March 2018, security researchers at Antivirus firmDr.Web discovered that 42 models of low-cost Android smartphones were shipped with the Android.Triada.231 The Triada Trojan was spotted for the first time in 2016 by researchers at Kaspersky Lab who considered it the most advanced mobile threat seen to the date of the discovery.

Malware

Malware Cryptocurrency Mobile Firmware

Who’s Behind the RevCode WebMonitor RAT?

Krebs on Security

APRIL 22, 2019

The software is broadly classified as malware by most antivirus companies, likely thanks to an advertised feature list that includes dumping the remote computer’s temporary memory; retrieving passwords from dozens of email programs; snarfing the target’s Wi-Fi credentials; and viewing the target’s Webcam.

Advertising

Advertising Antivirus Software Malware

Former Russian Cybersecurity Chief Sentenced to 22 Years in Prison

Krebs on Security

FEBRUARY 26, 2019

Following their dramatic arrests in 2016, many news media outlets reported that the men were suspected of having tipped off American intelligence officials about those responsible for Russian hacking activities tied to the 2016 U.S. Both men maintained their innocence throughout the trial. presidential election.

Cybersecurity

Cybersecurity Cybercrime Media Antivirus

MY TAKE: What NortonLifeLock’s $8 billion buyout of Avast portends for consumer security

The Last Watchdog

AUGUST 18, 2021

This deal reads like to the epilogue to a book titled The First 20 Years of the Supremely Lucrative Antivirus Market. Way back in 1990, Symantec acquired Norton Utilities and made Norton the heart of its antivirus subscription offering. billion in 2016, for instance. Related: The coming of ubiquitous passwordless access.

Antivirus

Antivirus Marketing Identity Theft Social Engineering

A couple of 10-Year-Old flaws affect Avast and AVG antivirus?

Security Affairs

MAY 5, 2022

Researcher discovered a couple of high-severity security flaws that affect a driver used by Avast and AVG antivirus solutions. SentinelOne researcher Kasif Dekel discovered two high-severity security vulnerabilities, tracked as CVE-2022-26522 and CVE-2022-26523, that affect a driver used by Avast and AVG antivirus solutions.

Antivirus

Antivirus Hacking Software Cybersecurity

TrickGate, a packer used by malware to evade detection since 2016

Security Affairs

JANUARY 31, 2023

TrickGate is a shellcode-based packer offered as a service, which is used at least since July 2016, to hide malware from defense programs. A packer (aka “Crypter” and “FUD”) implements a series of functionalities to make it harder for antivirus programs to detect the malware.

Malware

Malware Antivirus Manufacturing Healthcare

Feds Target $100M ‘GozNym’ Cybercrime Network

Krebs on Security

MAY 16, 2019

The indictments unsealed in a Pennsylvania court this week stem from a slew of cyber heists carried out between October 2015 and December 2016. “JekaProf” and “procryptgroup” from Moldova, specialized in “crypting” or obfuscating the GozNym malware to evade detection by antivirus software.

Cybercrime

Cybercrime Banking Small Business Computers and Electronics

Wipro Intruders Targeted Other Major IT Firms

Krebs on Security

APRIL 18, 2019

based company in 2016 and 2017. “This was the same tool that was used to effectuate the cyber-attack in Spring 2016. Intersec [the forensic investigator] also determined that the attackers had run searches on the Maritz system for certain words and phrases connected to the Spring 2016 attack.”

Retail

Retail Phishing Internet Internet

ESET antivirus bug let attackers gain Windows SYSTEM privileges

Bleeping Computer

FEBRUARY 2, 2022

Slovak internet security firm ESET released security fixes to address a high severity local privilege escalation vulnerability affecting multiple products on systems running Windows 10 and later or Windows Server 2016 and above. [.].

Antivirus

Antivirus Internet Internet

Tracing the Supply Chain Attack on Android

Krebs on Security

JUNE 25, 2019

In July 2017, Russian antivirus vendor Dr.Web published research showing that Triada had been installed by default on at least four low-cost Android models. com 2016-02-18 ALIBABA CLOUD COMPUTING (BEIJING) CO., At least another five of the domains registered to tosaka1027@gmail.com — 99youx[.]com com , buydudu[.]com 2333youxi[.]com

Mobile

Mobile Technology Manufacturing Malware

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Krebs on Security

FEBRUARY 9, 2023

Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating “ Trickbot ,” a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. companies and government entities.

Hacking

Hacking Cybercrime Ransomware Government

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

Megatraffer explained that malware purveyors need a certificate because many antivirus products will be far more interested in unsigned software, and because signed files downloaded from the Internet don’t tend to get blocked by security features built into modern web browsers. 2016 sales thread on Exploit.

Malware

Malware Cybercrime Software Accountability

Japanese defense contractors Pasco and Kobe Steel disclose security breaches

Security Affairs

FEBRUARY 7, 2020

Japanese defense contractors Pasco and Kobe Steel have disclosed security breaches that they have suffered back in 2016 and 2018. Kobe identified unauthorized access to its network in August 2016 and in June 2017, Pasco had detected the intrusion in May 2018. According to people involved, Chinese hackers Tick may have been involved.

Manufacturing

Manufacturing Data breaches Advertising Antivirus

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The infamous Locky ransomware was first spotted in the wild in February 2016. CryptXXX, another major family discovered in April 2016 and later rebranded as UltraCrypter, relied on exploit kits that used software vulnerabilities to infiltrate systems. The first viable Mac ransomware called KeRanger was spotted in the spring of 2016.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Happy 13th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2022

You just knew 2022 was going to be The Year of Crypto Grift when two of the world’s most popular antivirus makers — Norton and Avira — kicked things off by installing cryptocurrency mining programs on customer computers. ” The employees who kept things running for RSOCKS, circa 2016. In 2016, while the U.S.

Cryptocurrency

Cryptocurrency Cybercrime Computers and Electronics Scams

Tracing the Supply Chain Attack on Android

Krebs on Security

JUNE 25, 2019

In July 2017, Russian antivirus vendor Dr.Web published research showing that Triada had been installed by default on at least four low-cost Android models. com 2016-02-18 ALIBABA CLOUD COMPUTING (BEIJING) CO., At least another five of the domains registered to tosaka1027@gmail.com — 99youx[.]com com , buydudu[.]com 2333youxi[.]com

Mobile

Mobile Technology Manufacturing Software

Operator of Scan4You Malware-Scanning sentenced to 14 Years in prison

Security Affairs

SEPTEMBER 22, 2018

The Latvian expert Ruslans Bondars (37), who developed and run the counter antivirus service Scan4You has been sentenced to 14 years in prison. Scan4you is a VirusTotal like online multi-engine antivirus scanning service that could be used by vxers to test evasion abilities of their malware against the major antiviruses.

Malware

Malware Antivirus Retail Advertising

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3 CVE-2016-6277 NETGEAR R6250 before 1.0.4.6.Beta, build 001 CVE-2020-9377 D-Link DIR-610 CVE-2016-11021 D-Link DCS-930L devices before 2.12 Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3 Beta, R6400 before 1.0.1.18.Beta,

IoT

IoT Firmware Malware Wireless

How Did Authorities Identify the Alleged Lockbit Boss?

Krebs on Security

MAY 13, 2024

NeroWolfe seems to have abandoned all of his forum accounts sometime in 2016. In November 2016, an exploit[.]ru One strong possible candidate is Cerber ransomware , the most popular and effective affiliate program operating between early 2016 and mid-2017.

Ransomware

Ransomware Cybercrime Accountability Malware

Microsoft has taken legal and technical action to dismantle the Zloader botnet

Security Affairs

APRIL 13, 2022

” Zloader is a banking malware that has been active at least since 2016, it borrows some functions from the notorious Zeus 2.0.8.9 banking Trojan and was used to spread Zeus-like banking trojan (i.e. Zeus OpenSSL). ” reads a post published by Microsoft.

Banking

Banking Malware Telecommunications Antivirus

Experts found a new powerful modular Linux cryptominer

Security Affairs

NOVEMBER 26, 2018

Security experts from Russian antivirus firm Dr.Web have discovered a new strain of Linux cryptominer tracked as Linux.BtcMine.174. 174 Linux cryptominer uses one of two privilege escalation exploits CVE-2016-5195 (aka Dirty COW) and CVE-2013-2094 to get root permissions on the infected system. The Linux.BtcMine.174

Antivirus

Antivirus Malware Advertising DDOS

Exaramel Malware Links Industroyer ICS malware and NotPetya wiper

Security Affairs

OCTOBER 11, 2018

In June 2017, researchers at antivirus firm ESET discovered a new strain of malware, dubbed Industroyer, that was designed to target power grids. Industroyer was involved in the December 2016 attack aimed at an electrical substation in Ukraine that caused significant power outages. ” reads the analysis published by ESET.

Malware

Malware Passwords Advertising Antivirus

Who Is Agent Tesla?

Krebs on Security

OCTOBER 22, 2018

Sometime in mid-2016 the site’s registration records were hidden behind WHOIS privacy services [full disclosure: Domaintools is a previous advertiser on KrebsOnSecurity]. That Gmail address is tied to a Youtube.com account for a Turkish individual by the same name who has uploaded exactly three videos over the past four years.

Software

Software Accountability Malware Healthcare

Researchers published PoC exploit code for actively exploited Windows elevation of privilege issue

Security Affairs

JUNE 8, 2023

The vulnerability was reported by researchers Jan Vojtěšek, Milánek, and Luigino Camastra from Avast Antivirus firm. Below is a video demonstrating how the exploit works on Windows Server 2016. The issue can be chained with a code execution bug to spread malware. ” reads the analysis published by the experts.

Antivirus

Antivirus Malware Risk Hacking

Russia-linked APT28 targets govt bodies with fake NATO training docs

Security Affairs

SEPTEMBER 23, 2020

Even today, less than half of the known antivirus engines are flagging the infection on VirusTotal , as observed by BleepingComputer: The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.

Antivirus

Antivirus Government Malware Advertising

Breach Exposes Users of Microleaves Proxy Service

Krebs on Security

JULY 28, 2022

” Microleaves has long been classified by antivirus companies as adware or as a “potentially unwanted program” (PUP), the euphemism that antivirus companies use to describe executable files that get installed with ambiguous consent at best, and are often part of a bundle of software tied to some “free” download.

Advertising

Advertising Software Computers and Electronics Internet

Latest MITRE EDR Evaluations Contain Some Surprises

eSecurity Planet

MAY 3, 2021

In the weeks ahead, we’ll be using the results as we re-examine our top endpoint detection and response (EDR) and antivirus product lists. That said, the raw numbers alone contain some interesting insights. MITRE results analyzed.

Antivirus

Antivirus Marketing Retail Firewall

Experts discovered Calisto macOS Trojan, the first member of Proton RAT family

Security Affairs

JULY 21, 2018

The malware was uploaded to VirusTotal way back in 2016, most likely the same year it was created. But for two whole years, until May 2018, Calisto remained off the radar of antivirus solutions, with the first detections on VT appearing only recently.” Use antivirus software. ” researchers explained.

Advertising

Advertising Malware Antivirus Accountability

Behind the scenes with the head of Kaspersky’s GReAT

SecureList

JUNE 22, 2021

Unfortunately, none of the antivirus products that were available back then were actually able to clean the virus, so the teachers who knew I had some experience with computers asked me if I could write an antivirus for it. And slowly, this turned into a more capable antivirus product. What makes research successful?

Antivirus

Antivirus Malware Artificial Intelligence Engineering

50 Ways to Avoid Getting Scammed on Black Friday

Adam Levin

NOVEMBER 17, 2020

Leverage antivirus software. Protect yourself from malware by purchasing, updating, and upgrading antivirus software. Back in 2016, hundreds of fake retailer apps flooded Apple’s App Store just in time for the holiday shopping season. (Think of Google Chrome blocking you from visiting a suspicious website.)

Scams

Scams Retail Banking Passwords

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

The malicious code is used by the hackers to deliver a Moner (XMR) crypto miner that is not detected by almost any antivirus solution. In addition to the C2 change, functionality was also added to their LSD malware to exploit ActiveMQ servers vulnerable to CVE-2016-3088.”

Cybercrime

Cybercrime DNS Malware Advertising

Grandoreiro banking malware targets Mexico and Spain

Security Affairs

AUGUST 21, 2022

The loader is also designed to gather system information, retrieve a list of installed antivirus solutions, cryptocurrency wallets, banking, and mail apps, and exfiltrate the information to a remote server. ” reads the post published by Zscaler. That’s not all. ” concludes the report.

Banking

Banking Malware Antivirus Phishing

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

The group is considered responsible for the massive WannaCry ransomware attack, a string of SWIFT attacks in 2016, and the Sony Pictures hack. In one case, attackers attempted to exploit, without success, the CVE-2017-16238 vulnerability in a vulnerable driver for the antivirus product called Vir.IT

Malware

Malware Phishing Antivirus Hacking

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

To bypass antivirus systems, hackers send out malicious emails in non-working hours with delayed activation. Another technique used by cybercriminals to bypass antivirus systems is a targeted attack, in which malicious email are delivered outside regular working hours. More than 80% of all malicious files were disguised as .zip

Ransomware

Ransomware Antivirus Malware Banking

Lazarus APT continues to target cryptocurrency businesses with Mac malware

Security Affairs

MARCH 28, 2019

The group is considered responsible for the massive WannaCry ransomware attack, a string of SWIFT attacks in 2016, and the Sony Pictures hack. “It’s best to check new software with an antivirus or at least use popular free virus-scanning services,”. ” Kaspersky says. .

Cryptocurrency

Cryptocurrency Malware Advertising Antivirus

Less popular, but very effective, Red-Teaming Tool BRc4 used in attacks in the wild

Security Affairs

JULY 6, 2022

Researchers from Palo Alto Networks Unit 42 discovered that a sample uploaded to the VirusTotal database on May 19, 2022 and considered benign by almost all the antivirus, was containing a payload associated with Brute Ratel C4 (BRc4), a new red-teaming and adversarial attack simulation tool.

Antivirus

Antivirus Penetration Testing Phishing Hacking

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs

JANUARY 29, 2021

The group is considered responsible for the massive WannaCry ransomware attack, a string of SWIFT attacks in 2016, and the Sony Pictures hack. In one case, attackers attempted to exploit, without success, the CVE-2017-16238 vulnerability in a vulnerable driver for the antivirus product called Vir.IT

Malware

Malware Antivirus Hacking Accountability

New variant of Linux Botnet WatchBog adds BlueKeep scanner

Security Affairs

JULY 25, 2019

The new variant of the malware is currently undetected by most of the antivirus firms, the incorporation of the BlueKeep scanner suggests that operators would explore financial opportunities on Windows platforms too. In May, Internet scans found nearly one million systems vu lnerable to the BlueKeep flaw.

Cryptocurrency

Cryptocurrency Internet Internet Malware

FIN8 Hacking Group is back with an improved version of the ShellTea Backdoor

Security Affairs

JUNE 12, 2019

The last time security experts documented the FIN8’s activities was in 2016 and 2017. What’s more, attackers know that many POS systems run with only rudimentary security as traditional antivirus is too heavy and requires constant updating that can interfere with system availability.”

Hacking

Hacking Malware Advertising Cybercrime

Millions put at risk by old, out of date routers

Malwarebytes

MAY 7, 2021

There has been much discussion of antivirus protection, patching your software, and using VPNs. Based on its assessment, it reckons that at least two million Britons are at risk from routers that haven’t been updated since 2016. But what if the security flaws aren’t in your phones or laptops, but the router your ISP gave you?

Risk

Risk Passwords Internet Internet

A Deep Dive Into the Residential Proxy Service ‘911’

Malicious MS Office Macro Creator

Trending Sources

Hackers penetrated NEC defense business division in 2016

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

New Triada Trojan comes preinstalled on Android devices

Who’s Behind the RevCode WebMonitor RAT?

Former Russian Cybersecurity Chief Sentenced to 22 Years in Prison

MY TAKE: What NortonLifeLock’s $8 billion buyout of Avast portends for consumer security

A couple of 10-Year-Old flaws affect Avast and AVG antivirus?

TrickGate, a packer used by malware to evade detection since 2016

Feds Target $100M ‘GozNym’ Cybercrime Network

Wipro Intruders Targeted Other Major IT Firms

ESET antivirus bug let attackers gain Windows SYSTEM privileges

Tracing the Supply Chain Attack on Android

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Japanese defense contractors Pasco and Kobe Steel disclose security breaches

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Happy 13th Birthday, KrebsOnSecurity!

Tracing the Supply Chain Attack on Android

Operator of Scan4You Malware-Scanning sentenced to 14 Years in prison

BotenaGo botnet targets millions of IoT devices using 33 exploits

How Did Authorities Identify the Alleged Lockbit Boss?

Microsoft has taken legal and technical action to dismantle the Zloader botnet

Experts found a new powerful modular Linux cryptominer

Exaramel Malware Links Industroyer ICS malware and NotPetya wiper

Who Is Agent Tesla?

Researchers published PoC exploit code for actively exploited Windows elevation of privilege issue

Russia-linked APT28 targets govt bodies with fake NATO training docs

Breach Exposes Users of Microleaves Proxy Service

Latest MITRE EDR Evaluations Contain Some Surprises

Experts discovered Calisto macOS Trojan, the first member of Proton RAT family

Behind the scenes with the head of Kaspersky’s GReAT

50 Ways to Avoid Getting Scammed on Black Friday

Chinese-speaking cybercrime gang Rocke changes tactics

Grandoreiro banking malware targets Mexico and Spain

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Lazarus APT continues to target cryptocurrency businesses with Mac malware

Less popular, but very effective, Red-Teaming Tool BRc4 used in attacks in the wild

Microsoft: North Korea-linked Zinc APT targets security experts

New variant of Linux Botnet WatchBog adds BlueKeep scanner

FIN8 Hacking Group is back with an improved version of the ShellTea Backdoor

Millions put at risk by old, out of date routers

Stay Connected