2017, Cryptocurrency, Cybercrime and Malware

DarkGate malware campaign abuses Skype and Teams

Security Affairs

OCTOBER 16, 2023

Researchers uncovered an ongoing campaign abusing popular messaging platforms Skype and Teams to distribute the DarkGate malware. The threat actors abused popular messaging platforms such as Skype and Teams to deliver a script used as a loader for a second-stage payload, which was an AutoIT script containing the DarkGate malware.

Malware

Malware Cryptocurrency Accountability Cybercrime

The Link Between Ransomware and Cryptocurrency

eSecurity Planet

DECEMBER 21, 2021

The dangers from ransomware have risen sharply since WannaCry and NotPetya hit the scene in 2017, and this year has been no different. Cryptocurrency Fuels Ransomware. One constant in all this will be cryptocurrency, the coin of the realm when it comes to ransomware. Cryptocurrency really is fueling this in a sense.

Cryptocurrency

Cryptocurrency Ransomware Cybercrime Social Engineering

CryptoCore hacker group stole over $200M from cryptocurrency exchanges

Security Affairs

JUNE 24, 2020

The CryptoCore hacker group that is believed to be operating out of Eastern Europe has stolen around $200 million from online cryptocurrency exchanges. Experts from ClearSky states that a hacker group tracked as CryptoCore, which is believed to be operating out of Eastern Europe, has stolen around $200 million from cryptocurrency exchanges.

Cryptocurrency

Cryptocurrency Phishing Accountability Passwords

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

North Korea-linked hackers stole $626 million in virtual assets in 2022

Security Affairs

DECEMBER 22, 2022

billion worth of cryptocurrency and other virtual assets in the past five years. billion) in cryptocurrency and other virtual assets in the past five years. economic sanctions were toughened in 2017 in response to its nuclear and missile tests.” North Korea-linked threat actors have stolen an estimated $1.2 Citing the U.S.

Cryptocurrency

Cryptocurrency Cybercrime Media Government

BlackSquid malware uses multiple exploits to drop cryptocurrency miners

Security Affairs

JUNE 5, 2019

A new piece of malware appeared in the threat landscape, dubbed BlackSquid it targets web servers with several exploits to deliver cryptocurrency miners. The new piece of malware leverages many exploits to compromise target systems and implements evasion techniques to avoid detection. ” states Trend Micro.

Cryptocurrency

Cryptocurrency Malware Advertising Hacking

Threat Actors Merging Malicious Activity With Cryptocurrency Show How the Attack Landscape is Developing in Decentralized Finance

Security Boulevard

AUGUST 2, 2022

Current threat actor activity is incentivized by a broad attack surface represented through high volumes of users and systems, and high potential profits represented through the variety of cryptocurrency offerings. It is easy to detect and block things like malicious cryptocurrency apps or crypto-phishing websites.

Cryptocurrency

Cryptocurrency Ransomware Government Risk

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

SecureList

OCTOBER 20, 2021

Having been in the field for so long, we have witnessed some major changes in the cybercrime world’s modus operandi. This report shares our insights into the Russian-speaking cybercrime world and the changes in how it operates that have happened in the past five years. Malware developers — no longer hiring.

Cybercrime

Cybercrime Banking Malware Ransomware

DoppelPaymer ransomware group suspects identified

Malwarebytes

SEPTEMBER 19, 2023

Since then, cybercrime group specialists from the North Rhine-Westphalia State Criminal Police Office (LKA NRW), together with the Cybercrime Central and Contact Point (ZAC NRW), carried out another targeted strike against people associated with the criminal network. Prevent intrusions. Detect intrusions.

Ransomware

Ransomware Backups Cryptocurrency Cybercrime

$10M Is Yours If You Can Get This Guy to Leave Russia

Krebs on Security

MAY 4, 2023

government this week put a $10 million bounty on the head of a Russian man who for the past 18 years operated Try2Check , one of the cybercrime underground’s most trusted services for checking the validity of stolen credit card data. In 2017, U.S. In Kulkov’s case, it no doubt was critical to U.S.

Marketing

Marketing Cybercrime Accountability Cryptocurrency

Wannacry, the hybrid malware that brought the world to its knees

Security Affairs

OCTOBER 31, 2022

In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding a ransom in cryptocurrency to restore them, the Wannacry ransomware. The infection chain. Twitter @Slvlombardo.

Malware

Malware Computers and Electronics Encryption Ransomware

Ransomware attack on Brazil Nuclear Power Facility via Vulnerability

CyberSecurity Insiders

FEBRUARY 8, 2021

And an official confirmation says that the attack was launched by notorious North Korean Lazarus hacking group that is known for its social engineering attacks such as the Wannacry 2017. Note- Lazarus group aka Guardians of Peace is a Cybercrime group that is being funded by North Korean intelligence- as per US Intelligence.

Ransomware

Ransomware Social Engineering Cryptocurrency Cybercrime

Police Shut Down Crypto Mixer That Laundered Over $3 Billion

SecureWorld News

MARCH 16, 2023

Cryptocurrency has become a popular way to conduct transactions online, but it has also become a popular tool for cybercriminals. One of the ways they have been able to use crypto to their advantage is through the use of cryptocurrency mixers. One of the largest cryptocurrency mixers in the world is, or rather was , ChipMixer.

Cryptocurrency

Cryptocurrency Identity Theft Marketing Cybercrime

Lemon_Duck cryptomining malware evolves to target Linux devices

Security Affairs

AUGUST 28, 2020

A new variant of the infamous Lemon_Duck cryptomining malware has been updated to targets Linux devices. Security researchers from Sophos have spotted a new variant of the Lemon_Duck cryptomining malware that has been updated to compromise Linux machines via SSH brute force attacks. ” reads the post published by Sophos.

Malware

Malware Authentication Passwords Internet

Canada Charges Its “Most Prolific Cybercriminal”

Krebs on Security

DECEMBER 8, 2021

According to cyber intelligence firm Intel 471 , that dark_cl0ud6@hotmail.com address has been used in conjunction with the handle “ DCReavers2 ” to register user accounts on a half-dozen English-language cybercrime forums since 2008, including Hackforums , Blackhatworld, and Ghostmarket. ” The U.S.

Cybercrime

Cybercrime Ransomware Accountability Advertising

Three North Korean hackers charged for financial and revenge-motivated hacks

SC Magazine

FEBRUARY 17, 2021

billion in currency and cryptocurrency and further other strategic interests for the North Korean government. The charges captures years-worth of North Korean hacking, including the widely publicized 2014 Sony hack, the 2016 hack of the Central Bank of Bangladesh, the 2017 WannaCry ransomware attack and others.

Hacking

Hacking Cryptocurrency Banking Malware

Tools to Identify Exfiltration of Large Cryptocurrency Holdings Will Reduce Risk of Large Cyberattacks and Fraud on DeFi Platforms

Security Boulevard

MAY 27, 2022

The Exfiltration Phase of The Kill Chain of a Cryptocurrency-Based Attack Provides the Greatest Opportunity to Identify Cybercriminals. Cryptocurrency gained through illicit means is less useable than other assets due to the way cryptocurrency systems currently do not fully protect owner identity and allow for only limited liquidity.

Cryptocurrency

Cryptocurrency Risk Marketing Architecture

Gustuff Android banking trojan targets 125+ banking, and 32 cryptocurrency apps

Security Affairs

MARCH 28, 2019

Security experts at Group-IB have detected the activity of Gustuff a mobile Android Trojan, which includes potential targets of customers in leading international banks, users of cryptocurrency services, popular ecommerce websites and marketplaces. Gustuff has previously never been reported.

Banking

Banking Cryptocurrency Mobile Advertising

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Security Affairs

JANUARY 31, 2021

The Rocke group is using a new piece of cryptojacking malware dubbed Pro-Ocean to target Apache ActiveMQ, Oracle WebLogic, and Redis installs. The cybercrime group Rocke is using a new piece of cryptojacking malware called Pro-Ocean to target vulnerable Apache ActiveMQ, Oracle WebLogic, and Redis intalls.

Malware

Malware Cryptocurrency Firewall Cybercrime

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

Security Affairs

NOVEMBER 16, 2018

According to Group-IB’s report findings, Asia is one of the most actively attacked regions in the world, the company presented latest cybercrime trends. In 2017-2018 hackers’ interest in cryptocurrency exchanges ramped up. Thus, 60% of the total amount was stolen from Coincheck , a Japanese cryptocurrency exchange.

Cybercrime

Cybercrime Hacking Banking Phishing

8220 Gang Cloud Botnet infected 30,000 host globally

Security Affairs

JULY 21, 2022

The gang focuses on infecting cloud hosts to deploy cryptocurrency miners by exploiting known vulnerabilities and conducting brute-force attacks. IRC Botnet malware and miner download/configuration and remediation persistence. Tsunami IRC Botnet malware sample validation and connectivity. PwnRig cryptocurrency miner execution.

Cryptocurrency

Cryptocurrency Malware Internet Internet

Fileless PowerGhost cryptocurrency miner leverages EternalBlue exploit to spread

Security Affairs

JULY 30, 2018

Security experts from Kaspersky Lab have spotted a new cryptocurrency miner dubbed PowerGhost that can spread leveraging a fileless infection technique. “The malware, which we dubbed PowerGhost, is capable of stealthily establishing itself in a system and spreading across large corporate networks infecting both workstations and servers.”

Cryptocurrency

Cryptocurrency DDOS Advertising Malware

Group-IB experts record a massive surge of user data leaks form cryptocurrency exchanges

Security Affairs

AUGUST 7, 2018

Group-IB researchers have investigated user data leaks from cryptocurrency exchanges and has analyzed the nature of these incidents. In 2017, when cryptocurrencies were gaining momentum, their record-breaking capitalization and a spike in Bitcoin’s exchange rate led to dozens of attacks on cryptocurrency services.

Cryptocurrency

Cryptocurrency Passwords Authentication Accountability

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

The Last Watchdog

SEPTEMBER 7, 2022

They could be on the other side of the globe, part of a cybercrime regime that will never be discovered, much less brought to justice. An unsuspecting employee will open a legitimate-looking message and click a link or download a file that releases embedded malware onto their machine or the broader company network.

Ransomware

Ransomware Education Financial Services Phishing

British hacker arraigned for running The Real Deal dark web marketplace

Security Affairs

OCTOBER 26, 2022

Kaye laundered cryptocurrency obtained from the illegal The Real Deal operation through the mixing service Bitmixer.io. Kaye made a name for himself as the developer and seller of the GovRAT malware that his “customers” used to hack U.S. ’s National Crime Agency (NCA) in February 2017. Kaye was arrested by U.K.’s

Marketing

Marketing Government Hacking Accountability

Ursnif: The Latest Evolution of the Most Popular Banking Malware

Security Affairs

APRIL 5, 2019

A few days ago, the researchers of ZLab Yoroi-Cybaze dissected another attack wave of the infamous Ursnif malware, also known as Gozi ISFB , an offspring of the original Gozi which source code was leaked in 2014. Ursnif/Gozi is active from over a decade and was one of the most active malware listed in 2017 and 2018.

Banking

Banking Malware Cryptocurrency Advertising

Security Affairs newsletter Round 318

Security Affairs

JUNE 13, 2021

If you want to also receive for free the international press subscribe here. million customers impacted. million customers impacted. million customers impacted. million customers impacted.

Data breaches

Data breaches Hacking Cryptocurrency Scams

Malicious Use of Internet Information Services (IIS) Extensions Likely to Grow

Security Boulevard

AUGUST 4, 2022

Department of Justice announced on July 26 that it seized approximately half a million dollars’ worth of cryptocurrency assets from North Korean based threat actors, who receive the funds as ransom following a ransomware operation against U.S. based hospitals. 2 , 3 ) In late July, the U.S. 5 ) More recently, the U.S.

Internet

Internet Internet Cryptocurrency Cybercrime

Alexander Vinnik, the popular cyber criminal goes on trial in Paris

Security Affairs

OCTOBER 19, 2020

In 2017, Greek Police arrested the Russian national Alexander Vinnik and they accused the man of running the BTC-e Bitcoin exchange to launder more than US$4bn worth of the cryptocurrency. SecurityAffairs – hacking, cybercrime). The authorities reported that since 2011, 7 million Bitcoin went into the BTC-e exchange and 5.5

Advertising

Advertising Cybercrime Hacking Cryptocurrency

Mirai authors avoid the jail by helping US authorities in other investigations

Security Affairs

SEPTEMBER 19, 2018

Three men who admitted to being the authors of the Mirai botnet avoided the jail after helping the FBI in other cybercrime investigations. Now three individuals who admitted to being the authors of the infamous botnet avoided the jail after helping feds in another cybercrime investigations. District Judge Timothy M. “On Dec.

Cybercrime

Cybercrime DDOS Cryptocurrency Advertising

ZombieBoy, a new Monero miner that allows to earn $1,000 on a monthly basis

Security Affairs

AUGUST 5, 2018

The expert called this new malware ZombieBoy because it uses a tool called ZombieBoyTools to drop the first dll, it uses some exploits to spread. Unlike MassMiner cryptocurrency miner, ZombieBoy leverages WinEggDrop instead of MassScan to search for new hosts to infect. CVE-2017-0143 , SMB exploit. CVE-2017-0146 , SMB exploit.

Cryptocurrency

Cryptocurrency Advertising Malware Ransomware

How Did Authorities Identify the Alleged Lockbit Boss?

Krebs on Security

MAY 13, 2024

This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years. was used by a Russian-speaking member called Pin on the English-language cybercrime forum Opensc. Image: treasury.gov.

Ransomware

Ransomware Cybercrime Accountability Malware

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Security Affairs

JANUARY 13, 2019

Proofpoint analyzed two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. Security researchers at Proofpoint researchers discovered two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang.

Malware

Malware DNS Financial Services Retail

Russian Alexander Vinnik sentenced in Paris to five years in prison for money laundering

Security Affairs

DECEMBER 8, 2020

The French court acquitted Vinnik of charges of extortion and association with a cybercrime organization. In 2017, Greek Police arrested the Russian national Alexander Vinnik and they accused the man of running the BTC-e Bitcoin exchange to launder more than US$4bn worth of the cryptocurrency. million withdrawn.

Cryptocurrency

Cryptocurrency Hacking Ransomware Cybercrime

Cybersecurity Year in Review and Our Predictions Moving Forward

SiteLock

AUGUST 27, 2021

In it, we identified the trends, threats, and innovations in cybercrime that small businesses need to know about in order to keep their websites secure. Even as the number of attacks rose, only 60,000 sites in our sample were actually compromised — which is comparable to our 2017 findings.

Cybersecurity

Cybersecurity Engineering Firewall Malware

AlphaBay dark web marketplace moderator was sentenced to 11 years of prison time

Security Affairs

SEPTEMBER 3, 2020

.” AlphaBay Market was considered to be the largest dark web drug marketplace with over 250,000 listings for illegal drugs and toxic chemicals , and over 100,000 listings for stolen and fraudulent identification documents and access devices, counterfeit goods, malware, and other computer hacking tools, firearms, and fraudulent services.

Marketing

Marketing Cryptocurrency Scams Advertising

The author of the Mirai botnet gets six months of house arrest

Security Affairs

OCTOBER 30, 2018

In September, Jha and two accomplices admitted to be the authors of the infamous botnet and avoided the jail after helping feds in another cybercrime investigations. Securi ty Affairs – Mirai botnet, malware). According to the authorities, the three earned roughly $180,000 through their click fraud scheme. Pierluigi Paganini.

DDOS

DDOS IoT Advertising Malware

The Scammers’ Playbook: How Cybercriminals Get Ahold of Your Data

eSecurity Planet

SEPTEMBER 14, 2022

Cybercrime is a growth industry like no other. According to statistics from the FBI’s 2021 Internet Crime Report , complaints to the Internet Crime Complaint Center (IC3) have been rising since 2017. One particularly potent emergent technology for scammers is blockchain and the related cryptocurrency and NFTs. Social Tactics.

Social Engineering

Social Engineering Energy and Utilities Phishing Scams

U.S. offers up to $5 Million rewards for info on North Korea-linked operations

Security Affairs

APRIL 16, 2020

and UN sanctions, the DPRK has increasingly relied on illicit activities – including cybercrime – to generate revenue for its weapons of mass destruction and ballistic missile programs.” Under the pressure of robust U.S. ” reads the advisory. government refers to as HIDDEN COBRA. . ” concludes the advisory.

Cyber threats

Cyber threats Banking Government Advertising

Cryptominer ELFs Using MSR to Boost Mining Process

Security Affairs

AUGUST 5, 2021

Though some of the functionalities were similar to the malware discussed by the security firm Intezer last year, the newer variants of this malware had a bunch of activities up its sleeve. In this blog, we will detail the usage of MSR to disable the hardware prefetcher in the cryptomining malwares. Figure 8: Scanner modules.

Malware

Malware Architecture Firewall Cryptocurrency

IT threat evolution in Q2 2023

SecureList

AUGUST 30, 2023

While investigating an infection of a cryptocurrency company in Southeast Asia, we found Gopuram coexisting on target computers with AppleJeus , a backdoor attributed to the Lazarus. The threat actor specifically targeted cryptocurrency companies. We observed that they have a specific interest in cryptocurrency companies.

Malware

Malware Spyware Cryptocurrency Government

Ramnit is back and contributes in creating a massive proxy botnet, tracked as ‘Black’ botnet

Security Affairs

AUGUST 8, 2018

Ramnit is one of the most popular banking malware families in existence today, it was first spotted in 2010 as a worm, in 2011, its authors improved it starting from the leaked Zeus source code turning the malware into a banking Trojan. DDoS attacks, ransomware-based campaigns, cryptocurrency mining campaigns).

Malware

Malware DNS Encryption Banking

Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks

Security Affairs

OCTOBER 10, 2018

Security firm Group-IB has estimated that in H2 2017-H1 2018 cyber attacks caused $49.4 Group-IB, an international company that specializes in preventing cyber attacks, has estimated that in H2 2017-H1 2018 cyber attacks caused $49.4 In December 2017, Group-IB published the first report on this group: “MoneyTaker: 1.5

Cyber Attacks

Cyber Attacks Banking Cyber threats Phishing

Your Small Business Cybersecurity Guide to the Most Common Cyberthreats

SiteLock

AUGUST 27, 2021

Over time, we predict a decrease in “noisy” attacks such as SEO spam and redirects: As malware scanners and website developers advance their techniques, these types of attacks are easier to detect and remove. This makes stealthy attacks incredibly popular in the cybercrime community. Stealthy Cybersecurity Risks for SMBs. Ransomware.

Small Business

Small Business Cybersecurity Phishing DDOS

Torii botnet, probably the most sophisticated IoT botnet of ever

Security Affairs

SEPTEMBER 29, 2018

According to experts from Avast, the Torii bot has been active since at least December 2017, it could targets a broad range of architectures, including ARM, MIPS, x86, x64, PowerPC, and SuperH. The Torii IoT botnet stands out for the largest sets of architectures it is able to target. ” reads the analysis published by Avast.

IoT

IoT Architecture Advertising DDOS

DarkGate malware campaign abuses Skype and Teams

The Link Between Ransomware and Cryptocurrency

Webinars

Trending Sources

CryptoCore hacker group stole over $200M from cryptocurrency exchanges

Webinars

North Korea-linked hackers stole $626 million in virtual assets in 2022

BlackSquid malware uses multiple exploits to drop cryptocurrency miners

Threat Actors Merging Malicious Activity With Cryptocurrency Show How the Attack Landscape is Developing in Decentralized Finance

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

DoppelPaymer ransomware group suspects identified

$10M Is Yours If You Can Get This Guy to Leave Russia

Wannacry, the hybrid malware that brought the world to its knees

Ransomware attack on Brazil Nuclear Power Facility via Vulnerability

Police Shut Down Crypto Mixer That Laundered Over $3 Billion

Lemon_Duck cryptomining malware evolves to target Linux devices

Canada Charges Its “Most Prolific Cybercriminal”

Three North Korean hackers charged for financial and revenge-motivated hacks

Tools to Identify Exfiltration of Large Cryptocurrency Holdings Will Reduce Risk of Large Cyberattacks and Fraud on DeFi Platforms

Gustuff Android banking trojan targets 125+ banking, and 32 cryptocurrency apps

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

8220 Gang Cloud Botnet infected 30,000 host globally

Fileless PowerGhost cryptocurrency miner leverages EternalBlue exploit to spread

Group-IB experts record a massive surge of user data leaks form cryptocurrency exchanges

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

British hacker arraigned for running The Real Deal dark web marketplace

Ursnif: The Latest Evolution of the Most Popular Banking Malware

Security Affairs newsletter Round 318

Malicious Use of Internet Information Services (IIS) Extensions Likely to Grow

Alexander Vinnik, the popular cyber criminal goes on trial in Paris

Mirai authors avoid the jail by helping US authorities in other investigations

ZombieBoy, a new Monero miner that allows to earn $1,000 on a monthly basis

How Did Authorities Identify the Alleged Lockbit Boss?

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Russian Alexander Vinnik sentenced in Paris to five years in prison for money laundering

Cybersecurity Year in Review and Our Predictions Moving Forward

AlphaBay dark web marketplace moderator was sentenced to 11 years of prison time

The author of the Mirai botnet gets six months of house arrest

The Scammers’ Playbook: How Cybercriminals Get Ahold of Your Data

U.S. offers up to $5 Million rewards for info on North Korea-linked operations

Cryptominer ELFs Using MSR to Boost Mining Process

IT threat evolution in Q2 2023

Ramnit is back and contributes in creating a massive proxy botnet, tracked as ‘Black’ botnet

Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks

Your Small Business Cybersecurity Guide to the Most Common Cyberthreats

Torii botnet, probably the most sophisticated IoT botnet of ever

Stay Connected