Krebs on Security

MARCH 9, 2023

A Croatian national has been arrested for allegedly operating NetWire , a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. A review of DNS records for both printschoolmedia[.]org DNS records for worldwiredlabs[.]com org and wwlabshosting[.]com

DNS 248

DNS Cybercrime Passwords Accountability 248

Security Affairs

SEPTEMBER 21, 2019

US authorities have indicted two men for hacking the exchange EtherDelta in December 2017, one of them was also accused of TalkTalk hack. US authorities have indicted two men, Elliot Gunton and Anthony Tyler Nashatka, for hacking the cryptocurrency exchange EtherDelta in 2017. Six days later, on December 19, 2017.

Hacking 79

Hacking DNS Cryptocurrency Accountability 79

Security Affairs

JANUARY 13, 2019

FlawedGrace is a full-featured RAT that we first observed in November 2017.” ” The TA505 group was first spotted by Proofpoint back 2017, it has been active at least since 2015 and targets organizations in financial and retail industries. SecurityAffairs – TA505, cybercrime). The support for “.bit” bit, arepos[.]bit).null.

Malware 91

Malware DNS Financial Services Retail 91

Security Affairs

AUGUST 8, 2018

DDoS attacks, ransomware-based campaigns, cryptocurrency mining campaigns). The proxy malware supports back-connect mode, relay mode, IPv4, IPv6 protocols, TCP and UDP transports, with first samples seen in the second half of 2017.”. Malware actor publishes the address of the Bot-A in DNS (or using any other public channel).

Malware 47

Malware DNS Encryption Banking 47

SecureList

AUGUST 30, 2023

While investigating an infection of a cryptocurrency company in Southeast Asia, we found Gopuram coexisting on target computers with AppleJeus , a backdoor attributed to the Lazarus. The threat actor specifically targeted cryptocurrency companies. We observed that they have a specific interest in cryptocurrency companies.

Malware 72

Malware Spyware Cryptocurrency Government 72

SecureList

FEBRUARY 10, 2022

The bot infiltrated the devices through the CVE-2017-6079 vulnerability, which allows execution of arbitrary commands. In some cases, DNS amplification was also used. Like CVE-2017-6079, this vulnerability allows attackers to execute arbitrary commands. For instance, Moobot added a relatively fresh vulnerability to its arsenal.

DDOS 101

DDOS Cryptocurrency Marketing Accountability 101

SecureList

APRIL 27, 2022

This application contains a legitimate program called DeFi Wallet, that saves and manages a cryptocurrency wallet, but also implants a malicious file when executed. The OOXML files have an external reference to the attacker’s server and download an RTF document exploiting the CVE-2017-11882 vulnerability.

Malware 129

Malware Firmware Government Phishing 129