2017, Cryptocurrency, DNS and Malware - Cyber Security Informer

The BlueNoroff cryptocurrency hunt is still on

SecureList

JANUARY 13, 2022

The group seems to work more like a unit within a larger formation of Lazarus attackers, with the ability to tap into its vast resources: be it malware implants, exploits, or infrastructure. Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. Malware infection.

Cryptocurrency

Cryptocurrency Malware Accountability Banking

StripedFly: Perennially flying under the radar

SecureList

OCTOBER 25, 2023

Introduction It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. Subsequent analysis revealed earlier instances of suspicious code dating back to 2017.

Malware

Malware DNS Encryption Cryptocurrency

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

Experts defined DirtyMoe as a complex malware that has been designed as a modular system. The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. “Both PurpleFox and DirtyMoe are still active malware and gaining strength.”

DNS

DNS Cryptocurrency Internet Internet

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking

Hacking Social Engineering Phishing Scams

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Security Affairs

JANUARY 13, 2019

Proofpoint analyzed two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. Security researchers at Proofpoint researchers discovered two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang.

Malware

Malware DNS Financial Services Retail

IT threat evolution Q3 2023

SecureList

DECEMBER 1, 2023

To exfiltrate data and deliver next-stage malware, the attackers abuse cloud-based data storage, such as Dropbox or Yandex Disk, as well as a temporary file sharing service. The postinst script contains comments in Russian and Ukrainian, including information about improvements made to the malware, as well as statements by activists.

Malware

Malware Ransomware Encryption Energy and Utilities

IT threat evolution in Q2 2023

SecureList

AUGUST 30, 2023

While investigating an infection of a cryptocurrency company in Southeast Asia, we found Gopuram coexisting on target computers with AppleJeus , a backdoor attributed to the Lazarus. The threat actor specifically targeted cryptocurrency companies. We observed that they have a specific interest in cryptocurrency companies.

Malware

Malware Spyware Cryptocurrency Government

Ramnit is back and contributes in creating a massive proxy botnet, tracked as ‘Black’ botnet

Security Affairs

AUGUST 8, 2018

Ramnit is one of the most popular banking malware families in existence today, it was first spotted in 2010 as a worm, in 2011, its authors improved it starting from the leaked Zeus source code turning the malware into a banking Trojan. DDoS attacks, ransomware-based campaigns, cryptocurrency mining campaigns).

Malware

Malware DNS Encryption Banking

LimeRAT spreads in the wild

Security Affairs

APRIL 9, 2019

Too many times turned into fully-featured malware implants by unethical hackers and cyber criminals. Exploring the malware code, we detected multiple evidence indication of the possible belonging malware family: LimeRAT. Stealer and CryptoStealer module to steal cryptocurrency wallets and saved passwords. C2 retrieval.

Malware

Malware Advertising DNS Antivirus

Types of Malware & Best Malware Protection Practices

eSecurity Planet

FEBRUARY 16, 2021

Malware, short for “malicious software,” is any unwanted software on your computer that, more often than not, is designed to inflict damage. Since the early days of computing, a wide range of malware types with varying functions have emerged. Best Practices to Defend Against Malware. Jump ahead: Adware. RAM scraper.

Malware

Malware Adware Spyware Antivirus

Mystic Stealer

Security Boulevard

JUNE 15, 2023

Stealers" are a kind of malware designed to run on an endpoint post-compromise, while their primary features center on the theft of user data. Together with our colleagues at InQuest, we present a deep dive technical analysis of the malware. This is the story of information stealers today. But it doesn't stop there.

Cryptocurrency

Cryptocurrency Password Management Malware DNS

APT trends report Q1 2022

SecureList

APRIL 27, 2022

Disclaimer: when referring to APT groups as Russian-speaking, Chinese-speaking or other-“speaking” languages, we refer to various artefacts used by the groups (such as malware debugging strings, comments found in scripts, etc.) On February 23, ESET published a tweet announcing new wiper malware targeting Ukraine.

Malware

Malware Firmware Government Phishing

Kaspersky Security Bulletin 2020-2021. EU statistics

SecureList

MAY 26, 2021

70% of Internet user computers in the EU experienced at least one Malware-class attack. Attempted infections by malware designed to steal money via online access to bank accounts were logged on the devices of 79,315 users. The statistics include not only banking threats, but malware for ATMs and payment terminals. Main figures.

Phishing

Phishing Malware Ransomware Adware

DDoS attacks in Q4 2021

SecureList

FEBRUARY 10, 2022

The bot infiltrated the devices through the CVE-2017-6079 vulnerability, which allows execution of arbitrary commands. In some cases, DNS amplification was also used. Like CVE-2017-6079, this vulnerability allows attackers to execute arbitrary commands. For instance, Moobot added a relatively fresh vulnerability to its arsenal.

DDOS

DDOS Cryptocurrency Marketing Accountability

IT threat evolution in Q3 2022. Non-mobile statistics

SecureList

NOVEMBER 18, 2022

Attempts to run malware for stealing money from online bank accounts were stopped on the computers of 99,989 unique users. Number of users attacked by banking malware. In Q3 2022, Kaspersky solutions blocked the launch of at least one piece of banking malware on the computers of 99,989 unique users. Financial threats.

Mobile

Mobile Malware Ransomware IoT

The Hacker Mind Podcast: Scanning the Internet

ForAllSecure

NOVEMBER 2, 2021

Traditional anti-malware research relies on customer systems but what if a particular malware wasn’t on the same platform as your solution software? éveillé from ESET joins The Hacker Mind podcast to talk about the challenges of building his own internet scanner to scan for elusive malware. Marc-Etienne M.Léveillé

Internet

Internet Internet Malware Authentication

Cyber Security Informer

The BlueNoroff cryptocurrency hunt is still on

StripedFly: Perennially flying under the radar

Webinars

Trending Sources

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Webinars

When Low-Tech Hacks Cause High-Impact Breaches

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

IT threat evolution Q3 2023

IT threat evolution in Q2 2023

Ramnit is back and contributes in creating a massive proxy botnet, tracked as ‘Black’ botnet

LimeRAT spreads in the wild

Types of Malware & Best Malware Protection Practices

Mystic Stealer

APT trends report Q1 2022

Kaspersky Security Bulletin 2020-2021. EU statistics

DDoS attacks in Q4 2021

IT threat evolution in Q3 2022. Non-mobile statistics

The Hacker Mind Podcast: Scanning the Internet

Stay Connected