2017, Antivirus, Blog and Passwords - Cyber Security Informer

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware. Javali trojan is active since November 2017 and targets users of financial and banking organizations geolocated in Brazil and Mexico. Background of Latin American Trojans.

Antivirus

Antivirus Malware Banking Internet

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Krebs wrote for The Washington Post between 1995 and 2009 before launching his current blog KrebsOnSecurity.com. ICYMI, Equifax forced to pull offline a huge database of consumer data guarded only by credentials "admin/admin" [link] — briankrebs (@briankrebs) September 13, 2017. Bruce Schneier | @schneierblog.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Who’s Behind the RevCode WebMonitor RAT?

Krebs on Security

APRIL 22, 2019

The software is broadly classified as malware by most antivirus companies, likely thanks to an advertised feature list that includes dumping the remote computer’s temporary memory; retrieving passwords from dozens of email programs; snarfing the target’s Wi-Fi credentials; and viewing the target’s Webcam.

Advertising

Advertising Antivirus Software Malware

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

The government says Snatch used a customized ransomware variant notable for rebooting Microsoft Windows devices into Safe Mode — enabling the ransomware to circumvent detection by antivirus or endpoint protection — and then encrypting files when few services are running. ru using the email address tretyakov-files@yandex.ru.

Ransomware

Ransomware Accountability Cybercrime Backups

Who’s Behind the GandCrab Ransomware?

Krebs on Security

JULY 8, 2019

But GandCrab far eclipsed the success of competing ransomware affiliate programs largely because its authors worked assiduously to update the malware so that it could evade antivirus and other security defenses. Those records show this individual routinely re-used the same password across multiple accounts: 16061991. Vpn-service[.]us

Ransomware

Ransomware Accountability Cybercrime Passwords

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs

JANUARY 29, 2021

Attackers used Twitter profiles for sharing links to a blog under their control ( br0vvnn[.]io The attackers published a blog post titled “DOS2RCE: A New Technique To Exploit V8 NULL Pointer Dereference Bug ” and shared it via Twitter. “If you visited the referenced ZINC-owned blog (br0vvnn[.]io),

Malware

Malware Antivirus Hacking Accountability

How Did Authorities Identify the Alleged Lockbit Boss?

Krebs on Security

MAY 13, 2024

was used to register at least six domains, including a Russian business registered in Khoroshev’s name called tkaner.com , which is a blog about clothing and fabrics. used the password 225948. According to DomainTools.com , the address sitedev5@yandex.ru Another domain registered to that phone number was stairwell[.]ru

Ransomware

Ransomware Cybercrime Accountability Malware

Copy-paste heist or clipboard-injector attacks on cryptousers

SecureList

MARCH 28, 2023

Although we have written about a similar malware attack in 2017 in one of our blogposts , the technique is still very relevant today as it doesn’t have any perfect solution from the perspective of operating system design. A password-protected RAR archive (random password).

Cryptocurrency

Cryptocurrency Malware Banking Passwords

LemonDuck no longer settles for breadcrumbs

Malwarebytes

JULY 30, 2021

LemonDuck has evolved from a Monero cryptominer into LemonCat, a Trojan that specializes in backdoor installation, credential and data theft, and malware delivery, according to the Microsoft 365 Defender Threat Intelligence Team, which explained their findings in a two-part story [ 1 ][ 2 ] on the Microsoft Security blog.

Malware

Malware Penetration Testing Passwords Antivirus

SeroXen RAT for sale

CyberSecurity Insiders

MAY 31, 2023

This blog was jointly written with Alejandro Prada and Ofer Caspi. It has been historically associated with malicious activity performed by threat actors, APT groups (like in this Mandiant report from 2017), or government attacks (in this report by Unit42 in 2017). in March 2023, which is the most current version.

Malware

Malware Antivirus Encryption Advertising

Tracing the Supply Chain Attack on Android

Krebs on Security

JUNE 25, 2019

In July 2017, Russian antivirus vendor Dr.Web published research showing that Triada had been installed by default on at least four low-cost Android models. Google declined to elaborate on its blog post. Shanghai Wildfire did not respond to multiple requests for comment.

Mobile

Mobile Technology Manufacturing Malware

Tracing the Supply Chain Attack on Android

Krebs on Security

JUNE 25, 2019

In July 2017, Russian antivirus vendor Dr.Web published research showing that Triada had been installed by default on at least four low-cost Android models. Google declined to elaborate on its blog post. Shanghai Wildfire did not respond to multiple requests for comment.

Mobile

Mobile Technology Manufacturing Software

MartyMcFly Malware: new Cyber-Espionage Campaign targeting Italian Naval Industry

Security Affairs

OCTOBER 17, 2018

How Microsoft Excel is able to decrypt such a content if no password is requested to the end user? Using an encrypted payload is quite a common way to evade Antivirus, since the encrypted payload changes depending on the used key. It makes an explicit date control check to 0x7E1 (2017). Stage1: Encrypted Content.

Malware

Malware Computers and Electronics Encryption Penetration Testing

Spam and phishing in 2020

SecureList

FEBRUARY 15, 2021

The email antivirus was triggered most frequently by email messages containing members of the Trojan.Win32.Agentb We assume that those who called the numbers were asked to provide the login and password for the service that the scammers were imitating, or to pay for some diagnostics and troubleshooting services. Agentb malware family.

Phishing

Phishing Malware Scams Accountability

Point-of-Sale (POS) Security Measures for 2021

eSecurity Planet

FEBRUARY 8, 2021

According to security firm Gemini Advisory, the Fin7 hacker group stole data on more than five million credit and debit cards that had been used at HBC credit card terminals beginning in May 2017. Evolving threats. Multi-factor authentication is also required for remote access. And that’s not just true for your security team.

Retail

Retail Encryption Malware Artificial Intelligence

IT threat evolution in Q2 2021. PC statistics

SecureList

AUGUST 12, 2021

Web antivirus recognized 675,832,360 unique URLs as malicious. Our file antivirus detected 68,294,298 unique malicious and potentially unwanted objects. In their blog, DarkSide’s creators heaped the blame on third-party operators. Ransomware attacks were defeated on the computers of 97,451 unique users. are still current.

Adware

Adware Malware Ransomware IoT

LimeRAT spreads in the wild

Security Affairs

APRIL 9, 2019

The installed payload actually is a Base64 encoded PE32 file, file-lessly stored within the registry hive to avoid antivirus detection. Stealer and CryptoStealer module to steal cryptocurrency wallets and saved passwords. Technical details, including IoCs and Yara Rules, are available in the analysis published on the Yoroi blog.

Malware

Malware Advertising DNS Antivirus

Sunburst backdoor – code overlaps with Kazuar

SecureList

JANUARY 11, 2021

On December 13, 2020, FireEye published a blog post detailing a supply chain attack leveraging Orion IT, an infrastructure monitoring and management platform by SolarWinds. In a previous blog, we dissected the method used by Sunburst to communicate with its C2 server and the protocol by which victims are upgraded for further exploitation.

Malware

Malware Media Internet Internet

RM3 – Curiosities of the wildest banking malware

Fox IT

MAY 4, 2021

In 2017, yet another new version was detected in the wild with a number of major modifications compared to the previous main variant: Rebranded RM loader (called RM3 ) Used exotic PE file format exclusively designed for this banking malware Modular architecture Network communication reworked New modules. Module list.

Banking

Banking Malware Encryption Architecture

Cyber Security Informer

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Top Cybersecurity Accounts to Follow on Twitter

Webinars

Trending Sources

Who’s Behind the RevCode WebMonitor RAT?

Webinars

A Closer Look at the Snatch Data Ransom Group

Who’s Behind the GandCrab Ransomware?

Microsoft: North Korea-linked Zinc APT targets security experts

How Did Authorities Identify the Alleged Lockbit Boss?

Copy-paste heist or clipboard-injector attacks on cryptousers

LemonDuck no longer settles for breadcrumbs

SeroXen RAT for sale

Tracing the Supply Chain Attack on Android

Tracing the Supply Chain Attack on Android

MartyMcFly Malware: new Cyber-Espionage Campaign targeting Italian Naval Industry

Spam and phishing in 2020

Point-of-Sale (POS) Security Measures for 2021

IT threat evolution in Q2 2021. PC statistics

LimeRAT spreads in the wild

Sunburst backdoor – code overlaps with Kazuar

RM3 – Curiosities of the wildest banking malware

Stay Connected